blog.trendmicro.com Open in urlscan Pro
23.37.49.171 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Submission: On May 09 via api (May 9th 2020, 4:26:08 pm UTC) from DE

Summary HTTP 165 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 50 IPs in 6 countries across 42 domains to perform 165 HTTP transactions. The main IP is 23.37.49.171, located in Netherlands and belongs to AKAMAI-AS, US. The main domain is blog.trendmicro.com.
TLS certificate: Issued by AffirmTrust Extended Validation CA - EV1 on March 25th 2020. Valid for: 2 years.

This is the only time blog.trendmicro.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
61	23.37.49.171 23.37.49.171	16625 (AKAMAI-AS) (AKAMAI-AS)
7	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
1	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
9	150.70.178.131 150.70.178.131	16880 (AS2-TREND...) (AS2-TRENDMICRO-COM)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
6	34.96.102.137 34.96.102.137	15169 (GOOGLE) (GOOGLE)
10	152.199.23.241 152.199.23.241	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:820::2008	15169 (GOOGLE) (GOOGLE)
1	3.93.188.41 3.93.188.41	14618 (AMAZON-AES) (AMAZON-AES)
3	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY)
6	2a00:1450:400... 2a00:1450:4001:81b::200e	15169 (GOOGLE) (GOOGLE)
1	54.87.159.104 54.87.159.104	14618 (AMAZON-AES) (AMAZON-AES)
1	107.20.140.231 107.20.140.231	14618 (AMAZON-AES) (AMAZON-AES)
3	2606:4700::68... 2606:4700::6812:a813	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	151.101.0.134 151.101.0.134	54113 (FASTLY) (FASTLY)
3	2606:4700::68... 2606:4700::6810:a20d	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81f::2003	15169 (GOOGLE) (GOOGLE)
1	35.201.125.192 35.201.125.192	15169 (GOOGLE) (GOOGLE)
2	88.221.60.75 88.221.60.75	16625 (AKAMAI-AS) (AKAMAI-AS)
2	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
1	104.17.72.206 104.17.72.206	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:10c... 2a02:26f0:10c:399::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 5	23.37.61.90 23.37.61.90	16625 (AKAMAI-AS) (AKAMAI-AS)
1 6	52.215.103.126 52.215.103.126	16509 (AMAZON-02) (AMAZON-02)
1 3	2.16.31.65 2.16.31.65	16625 (AKAMAI-AS) (AKAMAI-AS)
1	104.16.88.26 104.16.88.26	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	52.49.190.28 52.49.190.28	16509 (AMAZON-02) (AMAZON-02)
1	95.100.78.156 95.100.78.156	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	216.58.205.230 216.58.205.230	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.230.181.160 54.230.181.160	16509 (AMAZON-02) (AMAZON-02)
1 1	68.67.153.60 68.67.153.60	29990 (ASN-APPNEX) (ASN-APPNEX)
2 2	37.252.173.38 37.252.173.38	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.225.87.25 13.225.87.25	16509 (AMAZON-02) (AMAZON-02)
1 2	2a00:1450:400... 2a00:1450:4001:819::2002	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:815::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:814::2003	15169 (GOOGLE) (GOOGLE)
1	35.244.153.179 35.244.153.179	15169 (GOOGLE) (GOOGLE)
1	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	67.202.110.34 67.202.110.34	32748 (STEADFAST) (STEADFAST)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
1	92.123.150.214 92.123.150.214	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.250.145.255 34.250.145.255	16509 (AMAZON-02) (AMAZON-02)
2 3	3.127.178.105 3.127.178.105	16509 (AMAZON-02) (AMAZON-02)
4 4	2.18.233.201 2.18.233.201	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.0.243.110 52.0.243.110	14618 (AMAZON-AES) (AMAZON-AES)
1	208.100.17.188 208.100.17.188	32748 (STEADFAST) (STEADFAST)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	52.17.96.142 52.17.96.142	16509 (AMAZON-02) (AMAZON-02)
165	50

61 23.37.49.171 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-49-171.deploy.static.akamaitechnologies.com

blog.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 151.139.128.11 (Dallas, United States)

ASN20446 (HIGHWINDS3, US)

cdn.shareaholic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m9m6e2w5.stackpathcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 150.70.178.131 (Japan)

ASN16880 (AS2-TRENDMICRO-COM, US)
PTR: sjc1-te-ftp.trendmicro.com

documents.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.96.102.137 (United States)

ASN15169 (GOOGLE, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 152.199.23.241 (United States)

ASN15133 (EDGECAST, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.93.188.41 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-93-188-41.compute-1.amazonaws.com

www.shareaholic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.12.134 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

trendlabs.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.87.159.104 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-87-159-104.compute-1.amazonaws.com

analytics.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.20.140.231 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-20-140-231.compute-1.amazonaws.com

partner.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:a813 (United States)

ASN13335 (CLOUDFLARENET, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:a20d (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK, US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.125.192 (Ascension Island)

ASN15169 (GOOGLE, US)
PTR: 192.125.201.35.bc.googleusercontent.com

cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.221.60.75 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a88-221-60-75.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.72.206 (United States)

ASN13335 (CLOUDFLARENET, US)

resources.trendmicro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:399::3adf (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.37.61.90 (Netherlands) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-61-90.deploy.static.akamaitechnologies.com

px.owneriq.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.215.103.126 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2.16.31.65 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-31-65.deploy.static.akamaitechnologies.com

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.88.26 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.190.28 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-190-28.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.100.78.156 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-78-156.deploy.static.akamaitechnologies.com

tags.bkrtx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:10:101::b93f:9105 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.205.230 (Mountain View, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra15s24-in-f6.1e100.net

5427711.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.230.181.160 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-181-160.ham50.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.153.60 (United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: s.ml-attr.com.pxlsrv.net

s.ml-attr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.173.38 (Ascension Island) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 537.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.87.25 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-87-25.fra2.r.cloudfront.net

attr.ml-api.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.153.179 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: 179.153.244.35.bc.googleusercontent.com

ixf2-api.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.110.34 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: ip34.67-202-110.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

945-cxd-062.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 92.123.150.214 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a92-123-150-214.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.250.145.255 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-145-255.eu-west-1.compute.amazonaws.com

api.viglink.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.127.178.105 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.233.201 (Ascension Island) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.0.243.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-0-243-110.compute-1.amazonaws.com

pixel.shareaholic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.100.17.188 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: ip188.208-100-17.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.17.96.142 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-96-142.eu-west-1.compute.amazonaws.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	trendmicro.com blog.trendmicro.com www.trendmicro.com documents.trendmicro.com resources.trendmicro.com	1 MB
10	tiqcdn.com tags.tiqcdn.com	36 KB
8	google-analytics.com ssl.google-analytics.com www.google-analytics.com	56 KB
6	ml314.com 1 redirects ml314.com	9 KB
6	stackpathcdn.com m9m6e2w5.stackpathcdn.com	99 KB
6	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com	97 KB
5	owneriq.net 2 redirects px.owneriq.net	6 KB
5	viglink.com cdn.viglink.com api.viglink.com	30 KB
5	disqus.com trendlabs.disqus.com disqus.com referrer.disqus.com	30 KB
4	mathtag.com 4 redirects pixel.mathtag.com	2 KB
4	doubleclick.net 2 redirects 5427711.fls.doubleclick.net googleads.g.doubleclick.net	3 KB
3	eyeota.net 2 redirects ps.eyeota.net	2 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	2 KB
3	tynt.com cdn.tynt.com ic.tynt.com de.tynt.com	5 KB
3	scorecardresearch.com 1 redirects sb.scorecardresearch.com	2 KB
3	disquscdn.com c.disquscdn.com	219 KB
3	shareaholic.com analytics.shareaholic.com partner.shareaholic.com pixel.shareaholic.com	3 KB
2	google.de www.google.de	220 B
2	google.com 1 redirects www.google.com	722 B
2	adnxs.com 2 redirects secure.adnxs.com	2 KB
2	adsrvr.org js.adsrvr.org insight.adsrvr.org	2 KB
2	bing.com bat.bing.com	8 KB
2	crwdcntrl.net 1 redirects sync.crwdcntrl.net	976 B
2	googleadservices.com www.googleadservices.com	12 KB
2	marketo.net munchkin.marketo.net	6 KB
2	bc0a.com cdn.bc0a.com ixf2-api.bc0a.com	21 KB
2	googletagmanager.com www.googletagmanager.com	65 KB
2	shareaholic.net cdn.shareaholic.net www.shareaholic.net	6 KB
1	twitter.com analytics.twitter.com	652 B
1	bluekai.com stags.bluekai.com
1	mktoresp.com 945-cxd-062.mktoresp.com	304 B
1	t.co t.co	448 B
1	ml-api.io attr.ml-api.io	484 B
1	ml-attr.com 1 redirects s.ml-attr.com	284 B
1	bkrtx.com tags.bkrtx.com	11 KB
1	bizographics.com sjs.bizographics.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	ytimg.com s.ytimg.com	25 KB
1	gstatic.com fonts.gstatic.com	9 KB
1	youtube.com www.youtube.com	1 KB
1	facebook.com graph.facebook.com	567 B
1	googleapis.com fonts.googleapis.com	957 B
165	42

	Domain	Requested by
60	blog.trendmicro.com	blog.trendmicro.com
10	tags.tiqcdn.com	blog.trendmicro.com tags.tiqcdn.com
9	documents.trendmicro.com	blog.trendmicro.com
6	ml314.com	1 redirects partner.shareaholic.com ml314.com blog.trendmicro.com
6	www.google-analytics.com	blog.trendmicro.com www.google-analytics.com www.googletagmanager.com
6	m9m6e2w5.stackpathcdn.com	cdn.shareaholic.net blog.trendmicro.com m9m6e2w5.stackpathcdn.com
6	dev.visualwebsiteoptimizer.com	blog.trendmicro.com dev.visualwebsiteoptimizer.com
5	px.owneriq.net	2 redirects partner.shareaholic.com px.owneriq.net blog.trendmicro.com
4	pixel.mathtag.com	4 redirects
3	ps.eyeota.net	2 redirects blog.trendmicro.com
3	sb.scorecardresearch.com	1 redirects partner.shareaholic.com blog.trendmicro.com
3	cdn.viglink.com	m9m6e2w5.stackpathcdn.com blog.trendmicro.com
3	c.disquscdn.com	trendlabs.disqus.com
2	api.viglink.com	cdn.viglink.com
2	www.google.de	blog.trendmicro.com
2	www.google.com	1 redirects blog.trendmicro.com
2	googleads.g.doubleclick.net	1 redirects www.googleadservices.com
2	secure.adnxs.com	2 redirects
2	bat.bing.com	www.googletagmanager.com blog.trendmicro.com
2	5427711.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	px.ads.linkedin.com	1 redirects blog.trendmicro.com
2	sync.crwdcntrl.net	1 redirects blog.trendmicro.com
2	www.googleadservices.com	tags.tiqcdn.com www.googleadservices.com
2	munchkin.marketo.net	tags.tiqcdn.com munchkin.marketo.net
2	disqus.com	trendlabs.disqus.com
2	trendlabs.disqus.com	blog.trendmicro.com
2	ssl.google-analytics.com	blog.trendmicro.com
2	www.googletagmanager.com	blog.trendmicro.com tags.tiqcdn.com
1	insight.adsrvr.org	js.adsrvr.org
1	referrer.disqus.com
1	analytics.twitter.com	static.ads-twitter.com
1	de.tynt.com	cdn.tynt.com
1	pixel.shareaholic.com	blog.trendmicro.com
1	stags.bluekai.com	tags.bkrtx.com
1	945-cxd-062.mktoresp.com	munchkin.marketo.net
1	ic.tynt.com	blog.trendmicro.com
1	t.co	blog.trendmicro.com
1	ixf2-api.bc0a.com	cdn.bc0a.com
1	attr.ml-api.io	blog.trendmicro.com
1	s.ml-attr.com	1 redirects
1	js.adsrvr.org	www.googletagmanager.com
1	www.linkedin.com	1 redirects
1	tags.bkrtx.com	partner.shareaholic.com
1	cdn.tynt.com	partner.shareaholic.com
1	sjs.bizographics.com	tags.tiqcdn.com
1	static.ads-twitter.com	tags.tiqcdn.com
1	resources.trendmicro.com	tags.tiqcdn.com
1	cdn.bc0a.com	tags.tiqcdn.com
1	s.ytimg.com	www.youtube.com
1	fonts.gstatic.com	blog.trendmicro.com
1	www.youtube.com	tags.tiqcdn.com
1	graph.facebook.com	m9m6e2w5.stackpathcdn.com
1	partner.shareaholic.com	m9m6e2w5.stackpathcdn.com
1	analytics.shareaholic.com	m9m6e2w5.stackpathcdn.com
1	www.shareaholic.net	cdn.shareaholic.net
1	www.trendmicro.com	blog.trendmicro.com
1	fonts.googleapis.com	blog.trendmicro.com
1	cdn.shareaholic.net	blog.trendmicro.com
165	58

This site contains links to these domains. Also see Links.

Domain
www.trendmicro.com
twitter.com
www.facebook.com
www.linkedin.com
www.youtube.com
feeds.trendmicro.com
yck1509.github.io
www.trendmicro.com.au
www.trendmicro.co.nz
cn.trendmicro.com
jp.trendmicro.com
www.trendmicro.co.kr
tw.trendmicro.com
br.trendmicro.com
la.trendmicro.com
ca.trendmicro.com
www.trendmicro.fr
www.trendmicro.de
www.trendmicro.it
www.trendmicro.com.ru
www.trendmicro.es
www.trendmicro.co.uk

Subject Issuer	Validity	Valid
www.trendmicro.com AffirmTrust Extended Validation CA - EV1	`2020-03-25` - `2022-03-26`	2 years	crt.sh
cdn.shareaholic.net Sectigo RSA Domain Validation Secure Server CA	`2020-05-08` - `2020-08-06`	3 months	crt.sh
upload.video.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.trendmicro.com AffirmTrust Certificate Authority - OV1	`2020-02-07` - `2022-02-07`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2017-06-30` - `2020-07-06`	3 years	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2020-03-17` - `2022-06-17`	2 years	crt.sh
*.stackpathcdn.com Go Daddy Secure Certificate Authority - G2	`2019-06-27` - `2021-06-27`	2 years	crt.sh
*.shareaholic.net Let's Encrypt Authority X3	`2020-05-01` - `2020-07-30`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
shareaholic.com Amazon	`2019-07-31` - `2020-08-31`	a year	crt.sh
*.shareaholic.com Let's Encrypt Authority X3	`2020-05-01` - `2020-07-30`	3 months	crt.sh
sni.cloudflaressl.com CloudFlare Inc ECC CA-2	`2020-04-06` - `2020-10-09`	6 months	crt.sh
ssl418259.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2020-01-18` - `2020-07-26`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-04-15` - `2020-07-14`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.gstatic.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
cdn.bc0a.com GTS CA 1D2	`2020-05-03` - `2020-08-01`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2020-03-14` - `2021-04-13`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
resources.trendmicro.com CloudFlare Inc ECC CA-2	`2019-08-26` - `2020-08-25`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2020-03-23` - `2022-03-28`	2 years	crt.sh
*.owneriq.net GeoTrust RSA CA 2018	`2019-12-27` - `2021-03-27`	a year	crt.sh
*.ml314.com Amazon	`2020-02-17` - `2021-03-17`	a year	crt.sh
*.scorecardresearch.com Sectigo RSA Organization Validation Secure Server CA	`2019-12-16` - `2020-12-25`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2019-10-01` - `2021-09-30`	2 years	crt.sh
*.crwdcntrl.net Go Daddy Secure Certificate Authority - G2	`2019-06-13` - `2021-06-28`	2 years	crt.sh
*.bkrtx.com DigiCert SHA2 Secure Server CA	`2020-02-28` - `2021-05-29`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
*.doubleclick.net GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
*.adsrvr.org Trustwave Organization Validation SHA256 CA, Level 1	`2019-03-07` - `2021-04-19`	2 years	crt.sh
*.ml-api.io Amazon	`2020-02-06` - `2021-03-06`	a year	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
ixf2-api.bc0a.com GTS CA 1D2	`2020-05-01` - `2020-07-30`	3 months	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
www.google.com GTS CA 1O1	`2020-04-15` - `2020-07-08`	3 months	crt.sh
*.mktoresp.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2022-01-21`	2 years	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-04-14` - `2021-04-10`	a year	crt.sh
viglink.com Amazon	`2020-01-10` - `2021-02-10`	a year	crt.sh
*.eyeota.net Let's Encrypt Authority X3	`2020-04-10` - `2020-07-09`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh

This page contains 6 frames:

Primary Page: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Frame ID: 92D25D8E3386EED3504239B3456C9ABB
Requests: 160 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=trendlabs&t_i=87278%20https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2F%3Fp%3D87278&t_u=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&t_e=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations&t_d=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&t_t=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations&s_o=default
Frame ID: 9663EEF799B26D76F4FB400C816F4ABA
Requests: 1 HTTP requests in this frame

Frame: https://5427711.fls.doubleclick.net/activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F;~oref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F
Frame ID: 41447C685DC61CBCDCC8464F706EF1C3
Requests: 1 HTTP requests in this frame

Frame: https://px.owneriq.net/noop?ct=text%2Fhtml
Frame ID: 4BA2E3DB81304D4721E4F6444F08665E
Requests: 1 HTTP requests in this frame

Frame: https://stags.bluekai.com/site/41110?ret=html&phint=sh005%3D1111845&phint=sh001%3D24815323&phint=sh004%3D10813269&phint=sh004%3D10813248&phint=sh001%3D13594596&phint=sh005%3D10813254&phint=sh001%3D10930608&phint=sh004%3D10813255&phint=sh004%3D10813351&phint=sh005%3D10813275&phint=sh004%3D10813253&phint=sh001%3D24816761&phint=sh004%3D10813284&phint=sh005%3D1111754&phint=sh005%3D1111743&phint=sh005%3D1111755&phint=sh001%3D10930641&phint=sh001%3D12644461&phint=sh001%3D12644396&phint=sh004%3D8762415&phint=sh005%3D6573714&phint=__bk_t%3DTargeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&phint=__bk_v%3D3.1.4&limit=1&r=38385184
Frame ID: 133EF0516185342990F0CAAF79A280B7
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=g2lzvow&ref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&upid=803df29&upv=1.1.0&pto=1
Frame ID: 0B6B66D34CBFA771DF1173FF0C64CBBD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

html /<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Analytics Enhanced eCommerce (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/plugins\/ua\/(?:ec|ecommerce)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

script /munchkin\.marketo\.net\/munchkin\.js/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

Page Statistics

165
Requests

100 %
HTTPS

30 %
IPv6

42
Domains

58
Subdomains

50
IPs

6
Countries

1862 kB
Transfer

3448 kB
Size

0
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://www.trendmicro.com/
Title: Trend Micro

Search URL Search Domain Scan URL

URL: https://twitter.com/trendmicrorsrch

Search URL Search Domain Scan URL

URL: http://www.facebook.com/trendmicro

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/trend-micro

Search URL Search Domain Scan URL

URL: http://www.youtube.com/user/TrendMicroInc

Search URL Search Domain Scan URL

URL: http://feeds.trendmicro.com/Anti-MalwareBlog

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/what-you-need-to-know-about-the-lockergoga-ransomware
Title: Lockergoga

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ransom.msil.freezing.a
Title: Freezing

Search URL Search Domain Scan URL

URL: https://yck1509.github.io/ConfuserEx/
Title: ConfuserEx

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/the-sprawling-reach-of-complex-threats
Title: Annual Security Roundup

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/best-practices-ransomware
Title: best practices

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/definition/zero-day-vulnerability
Title: zero-day vulnerabilities

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/business/products/detection-response/xdr.html?utm_campaign=PRLA2019_Corporate_XDR&utm_medium=VURL&utm_source=General&utm_content=XDR
Title: Trend Micro XDR for Users

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/business/products/user-protection/sps/endpoint.html
Title: Trend Micro Apex One™

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/en_us/business/products/user-protection/sps/email-and-collaboration/email-inspector.html
Title: Trend Micro™ Deep Discovery™ Email Inspector

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/security-intelligence/enterprise-ransomware/index.html
Title: ENTERPRISE »

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/security-intelligence/small-business-ransomware/index.html
Title: SMALL BUSINESS»

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/home/consumer-ransomware/index.html
Title: HOME»

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020
Title: Read our security predictions for 2020.

Search URL Search Domain Scan URL

URL: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/security-101-business-process-compromise
Title: read our Security 101: Business Process Compromise.

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/home/index.html
Title: Home and Home Office

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/business/index.html
Title: For Business

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/security-intelligence/index.html
Title: Security Intelligence

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/about-us/index.html
Title: About Trend Micro

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com.au/au/home/index.html
Title: Australia

Search URL Search Domain Scan URL

URL: http://www.trendmicro.co.nz/nz/home/index.html
Title: New Zealand

Search URL Search Domain Scan URL

URL: http://cn.trendmicro.com/cn/home/index.html
Title: 中国

Search URL Search Domain Scan URL

URL: http://jp.trendmicro.com/jp/home/index.html
Title: 日本

Search URL Search Domain Scan URL

URL: http://www.trendmicro.co.kr/index.html
Title: 대한민국

Search URL Search Domain Scan URL

URL: http://tw.trendmicro.com/tw/home/index.html
Title: 台灣

Search URL Search Domain Scan URL

URL: http://br.trendmicro.com/br/home/index.html
Title: Brasil

Search URL Search Domain Scan URL

URL: http://la.trendmicro.com/la/home/index.html
Title: México

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/index.html
Title: United States

Search URL Search Domain Scan URL

URL: http://ca.trendmicro.com/ca/home/index.html
Title: Canada

Search URL Search Domain Scan URL

URL: http://www.trendmicro.fr/
Title: France

Search URL Search Domain Scan URL

URL: http://www.trendmicro.de/
Title: Deutschland / Österreich / Schweiz

Search URL Search Domain Scan URL

URL: http://www.trendmicro.it/
Title: Italia

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com.ru/
Title: Россия

Search URL Search Domain Scan URL

URL: http://www.trendmicro.es/
Title: España

Search URL Search Domain Scan URL

URL: http://www.trendmicro.co.uk/
Title: United Kingdom / Ireland

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/about-us/legal-policies/privacy-statement/index.html
Title: Privacy Statement

Search URL Search Domain Scan URL

URL: http://www.trendmicro.com/us/about-us/legal-policies/index.html
Title: Legal Policies

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 129

https://sync.crwdcntrl.net/map/c=9193/tp=SHLC/tpid=9a549e00-6e51-45d8-8039-3ed40c05936e HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=9193/tp=SHLC/tpid=9a549e00-6e51-45d8-8039-3ed40c05936e

Request Chain 131

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&time=1589041533707 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8866%26url%3Dhttps%253A%252F%252Fblog.trendmicro.com%252Ftrendlabs-security-intelligence%252Ftargeted-ransomware-attack-hits-taiwanese-organizations%252F%26time%3D1589041533707%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&time=1589041533707&liSync=true

Request Chain 132

https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F;~oref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F HTTP 302
https://5427711.fls.doubleclick.net/activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F;~oref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F

Request Chain 135

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 302
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.trendmicro.com%2526pId%253d%2524UID HTTP 302
https://attr.ml-api.io/?domain=www.trendmicro.com&pId=3196603570809964121

Request Chain 138

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=fdm2XtvYKr2H7_UPi62r4Ac&sscte=1&crd=&gtd= HTTP 302
https://www.google.com/pagead/1p-conversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=fdm2XtvYKr2H7_UPi62r4Ac&random=2519691355&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=fdm2XtvYKr2H7_UPi62r4Ac&random=2519691355&resp=GooglemKTybQhCsO&ipr=y

Request Chain 141

https://px.owneriq.net/eps?pt=sholic&pid=1693&uid=Q6423279331174338935J&l=true HTTP 302
https://px.owneriq.net/noop?ct=text%2Fhtml

Request Chain 142

https://px.owneriq.net/j/?pt=sholic&t=d%7C%22Software%22&s=inte HTTP 302
https://px.owneriq.net/noop?ct=application%2Fx-javascript

Request Chain 143

https://sb.scorecardresearch.com/b?c1=7&c2=19376307&c3=1&ns__t=1589041533813&ns_c=UTF-8&cv=3.5&c8=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&c7=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=7&c2=19376307&c3=1&ns__t=1589041533813&ns_c=UTF-8&cv=3.5&c8=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&c7=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&c9=

Request Chain 153

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2zxvxOehPhEW-EYcR1eInSKjqDnenYdIgCDwVtNTCVfI&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil

Request Chain 154

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929016537185%26eid=50220 HTTP 302
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929016537185%26eid=50220&mm_bnc&mm_bct&UUID=41755eb6-d97e-4100-a428-b5015e708814 HTTP 302
https://ml314.com/csync.ashx?fp=41755eb6-d97e-4100-a428-b5015e708814&person_id=3610154929016537185&eid=50220

Request Chain 155

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929291788292%26eid=50220 HTTP 302
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929291788292%26eid=50220&mm_bnc&mm_bct&UUID=6d535eb6-d97e-4900-8664-19b8e89a6d88 HTTP 302
https://ml314.com/csync.ashx?fp=6d535eb6-d97e-4900-8664-19b8e89a6d88&person_id=3610154929291788292&eid=50220

165 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/ 88 KB
22 KB 128ms
37ms Document
text/html 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

226659214f0a18a63243a665570ef5377dd0a4929b6198a62092ec92bededcb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Host: blog.trendmicro.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Length: 21671
X-Pingback: https://blog.trendmicro.com/trendlabs-security-intelligence/xmlrpc.php
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cache-Hits: 590
Accept-Ranges: bytes
Strict-Transport-Security: max-age=15552000; preload
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1;mode=block
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive

GET
H2 200 shareaholic.js Show response
cdn.shareaholic.net/assets/pub/ 9 KB
4 KB 124ms
42ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: f8f9c7b2b42fddbc8006fce7d7a441502b29063c9e5f735cf13b3d4f5f5198ee

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: gzip
last-modified: Tue, 05 May 2020 16:05:37 GMT
server: nginx
x-amz-request-id: 53B620F90A02B812
etag: "003edf5d8c2a02b5e2c42fa2830c03a9"
x-hw: 1589041532.cds026.pa1.hn,1589041532.cds008.pa1.c
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: max-age=900, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3609
x-amz-id-2: gKVoNcB3a54wm+fMXs9qlGE6S7T/JADnDvd8wTS8jyshKmLTSNBA4zpicAzBzDhKEwHLFKq1HmE=

GET
H/1.1 200
OK widget.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/yet-another-related-posts-plugin/style/ 771 B
885 B 42ms
31ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/yet-another-related-posts-plugin/style/widget.css?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1210b2986220f5f6e6f416d87911e6655eed292f81a8219d8506f57c5d4353a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 384
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 28 Apr 2020 17:05:07 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "303-5a45cd55dfdc5-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK styles.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/feedburner-email-subscription/css/ 513 B
743 B 74ms
31ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/feedburner-email-subscription/css/styles.css?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

08f91baa9280e9a089f3e8b1dae667c4d69cc8268c59105e324847402332e4fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 242
X-XSS-Protection: 1;mode=block
Last-Modified: Wed, 13 Jan 2016 23:32:09 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "201-5293f9429d040-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK style.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/ 70 KB
15 KB 111ms
51ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/style.css?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ee290666f02ac90c3e4bb57b767b7a32149599fa59ad1b8120208b74e79237ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 14526
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "11660-5205c952715c0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK dynamicCss.php
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/ 16 KB
4 KB 94ms
31ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/dynamicCss.php?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ed8103aa39e3d6156b0fca9caf6fc88473686048f495b08df443a5995e4c33fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Date: Sat, 09 May 2020 16:25:32 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=UTF-8
X-BlogDispatch: Yes
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 3184
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK responsiveCss.php
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/ 21 KB
3 KB 94ms
29ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/responsiveCss.php?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c005667a560305e72f76e6464a0cd95c7dbe9a35da6cffebe3617fbd1496faf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Date: Sat, 09 May 2020 16:25:32 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=UTF-8
X-BlogDispatch: Yes
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 2860
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK customCss.php
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/ 20 KB
5 KB 96ms
28ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/customCss.php?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

bf724439f2f8fd287feb12f58c2e382886601ae7ace43215778dfd3d75435210

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Date: Sat, 09 May 2020 16:25:32 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=UTF-8
X-BlogDispatch: Yes
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 4709
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK style.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/css/dist/block-library/ 63 KB
10 KB 108ms
34ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/css/dist/block-library/style.css?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9de915b8773f1be6b99448d8fbdb7c359f10b5a06f544181597b8523eca6278b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 9288
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 05 May 2020 14:01:56 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "fc38-5a4e7172a577c-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK fancybox.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fancybox-for-wordpress/assets/css/ 18 KB
4 KB 128ms
33ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fancybox-for-wordpress/assets/css/fancybox.css?ver=1.3.4

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

63af28c56dece5b853cf75697cc86d05eb8a75dae73a65624518806abe57180b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 3849
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 28 Apr 2020 17:03:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
ETag: "4900-5a45ccfe877c2-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK twitter-feed.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wp-to-twitter/css/ 2 KB
1 KB 123ms
28ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wp-to-twitter/css/twitter-feed.css?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

196b0d1013a5fb1985890e13453ab76df8bdcee3d57893e84afa3f3e58eacf52

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 535
X-XSS-Protection: 1;mode=block
Last-Modified: Fri, 20 Dec 2019 10:50:41 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "6ce-59a2072efab5a-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 1

GET
H/1.1 200
OK wpp.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wordpress-popular-posts/assets/css/ 2 KB
1 KB 131ms
35ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wordpress-popular-posts/assets/css/wpp.css?ver=5.1.0

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f26d98c3973c7df12d78bbb4164589b59dc42d4797b58471b358364c1005b2d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 556
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 06 Apr 2020 12:41:04 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "631-5a29e948d62c7-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK layerslider.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/framework/plug-ins/LayerSlider/css/ 4 KB
1 KB 145ms
41ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/framework/plug-ins/LayerSlider/css/layerslider.css?ver=3.5.0

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b4c068f566d4557dac74a849284e07c1da7fb80e8a23812f99016eb1aee15186

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:34 GMT
Server: nginx
X-Cacheable: YES
ETag: "101b-5205c9517d380-gzip"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423784540
Connection: keep-alive
Content-Type: text/css
Vary: Accept-Encoding
Content-Length: 957
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK frs.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/css/ 8 KB
2 KB 139ms
30ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/css/frs.css?ver=2.3.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

96543b22a94e2ad5bcc8f7c80665280ec6dfcddef0d839bb69d73674468b4459

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 1667
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 14 Aug 2017 09:38:36 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "1f79-556b36d461f00-gzip"
Vary: Accept-Encoding
X-Varnish: 423788718
Accept-Ranges: bytes
Content-Type: text/css

GET
H/1.1 200
OK frs-position.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/css/ 3 KB
899 B 140ms
29ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/css/frs-position.css?ver=2.3.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

7f5d20386c62bc7957520cfe679927bf480d6ca275e7d1b05f08994bca59b6ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 454
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 14 Aug 2017 09:38:36 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "c84-556b36d461f00-gzip"
Vary: Accept-Encoding
X-Varnish: 423784541 423779688
Content-Type: text/css
X-Cache-Hits: 1

GET
H2 200 css
fonts.googleapis.com/ 10 KB
957 B 21ms
15ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C700italic%2C400%2C700&ver=2.3.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8b67ffa5bcc69b72e1fd971de44ff6e71b379f039adc48eec47bb678bb619d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Sat, 09 May 2020 16:25:32 GMT
server: ESF
date: Sat, 09 May 2020 16:25:32 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Sat, 09 May 2020 16:25:32 GMT

GET
H/1.1 200
OK jquery.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/ 95 KB
33 KB 165ms
37ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 33776
X-XSS-Protection: 1;mode=block
Last-Modified: Wed, 30 Oct 2019 08:47:45 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "17a69-5961cc96145b6-gzip"
Vary: Accept-Encoding
X-Varnish: 514387628
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK jquery-migrate.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/ 23 KB
8 KB 163ms
32ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

dce50148adaff4dccd1d95c9b25563011436e398272d530e974193b8685340a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sun, 05 May 2019 15:38:02 GMT
Server: nginx
X-Cacheable: YES
ETag: "5bdb-58825c4ecd4bf-gzip"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423785083
Connection: keep-alive
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 7813
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK superfish.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 3 KB
2 KB 170ms
31ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/superfish.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

62d9012a3badacfbf2c47ba8f9e83f5d33b66d05e7b25b54dd60dc07f01a58fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 1342
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "c03-5205c952715c0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK verticalMenu.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 2 KB
1 KB 169ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/verticalMenu.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

86321c43556c304568daf15b1660cc91f90db686ee291c5f5da81522cd809ff1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 609
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "7d3-5205c952715c0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.tools.tabs.min.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 3 KB
2 KB 187ms
42ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/jquery.tools.tabs.min.js?ver=1.2.5

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9609588bc37c441a77b4a59833d9356028c573f4b26615a64f5143e4a197939b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 1326
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "ba9-5205c952715c0-gzip"
Vary: Accept-Encoding
X-Varnish: 423787713
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK jquery.imgpreload.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 2 KB
2 KB 183ms
31ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/jquery.imgpreload.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1fa0c6a60241076bfa896030442753f3880bf99ba73ddb6eb24dccad0bfc075c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 1125
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "89d-5205c952715c0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.colorbox-min.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 9 KB
5 KB 192ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/jquery.colorbox-min.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

c24b44e8c7234bd170abd96909ce1668bb22d31635b8c99aeedaacf958969c76

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 4193
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "25ec-5205c952715c0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK jquery.isotope.min.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 16 KB
5 KB 199ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/jquery.isotope.min.js?ver=1.5.19

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

7a3c6d22de397f163b11ae6e13db851b720abb639b0d158e1308a7ef02dfb97d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 5011
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "3e0e-5205c952715c0-gzip"
Vary: Accept-Encoding
X-Varnish: 423778292
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK jquery.easing.1.3.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 7 KB
2 KB 200ms
30ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/jquery.easing.1.3.js?ver=1.3

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

238b3b15fd1f306b170ab1b3af0c3e051f68642d487454544505d9c49d3f93bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 1898
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "1c34-5205c952715c0-gzip"
Vary: Accept-Encoding
X-Varnish: 423788723
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK custom.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 10 KB
4 KB 214ms
31ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/custom.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

31895b039ea1a0252fda10656dbcef19e8647014d00e77f08e32a9db2abbe832

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 3295
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "2970-5205c952715c0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK customJs.php Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/ 439 B
671 B 212ms
29ms Script
text/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/js/customJs.php?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

fb0818cf8e7a75db034fca2117517ea5c98ac7a8236e9971603c3e135cf8bc22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: nginx
Date: Sat, 09 May 2020 16:25:32 GMT
X-Frame-Options: SAMEORIGIN
Content-Type: text/javascript;charset=UTF-8
X-BlogDispatch: Yes
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 277
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK frs.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/js/ 54 KB
9 KB 230ms
42ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/js/frs.js?ver=2.3.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

49476f91ae0265b8a2db95ab66cf22d5abd7be374f7ec574443867ccab5ff638

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Mon, 14 Aug 2017 09:38:36 GMT
Server: nginx
X-Cacheable: YES
ETag: "d7d5-556b36d461f00-gzip"
X-Frame-Options: SAMEORIGIN
X-Varnish: 499771552
Connection: keep-alive
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 8295
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK jquery.touchSwipe.min.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/js/ 11 KB
4 KB 221ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/js/jquery.touchSwipe.min.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

0c6ef976b32b0f9158ce1211ed5d75bc3197e5a1802a70749e186fba11b78498

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 3673
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 14 Aug 2017 09:38:36 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "2a32-556b36d461f00-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK imagesloaded.min.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/js/ 7 KB
3 KB 228ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fluid-responsive-slideshow/js/imagesloaded.min.js?ver=2.3.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a9667d16d28f3a6a1b777fbdc7775a0ea43cfd5da93cfac4c948a240a398656f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 2380
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 14 Aug 2017 09:38:36 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "1b6c-556b36d461f00-gzip"
Vary: Accept-Encoding
X-Varnish: 423785058
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK frontend.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/stop-user-enumeration/frontend/js/ 232 B
629 B 230ms
30ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/stop-user-enumeration/frontend/js/frontend.js?ver=1.3.25

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

84f7bdd9d518f244e12254d2dab2827a56fa1c0be95dd685178105518fdd94d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 169
X-XSS-Protection: 1;mode=block
Last-Modified: Fri, 20 Dec 2019 10:50:20 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "e8-59a2071a8538b-gzip"
Vary: Accept-Encoding
X-Varnish: 1440115334 1440115183
Content-Type: application/javascript
X-Cache-Hits: 3

GET
H/1.1 200
OK jquery.fancybox.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fancybox-for-wordpress/assets/js/ 157 KB
39 KB 253ms
41ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/fancybox-for-wordpress/assets/js/jquery.fancybox.js?ver=1.3.4

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f5acda93c7254b1e7aadc1ab2bdff1722803e55107334351118c4d64e51046f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 39164
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 28 Apr 2020 17:03:35 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "27515-5a45ccfe71062-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 4

GET
H/1.1 200
OK wpp-5.0.0.min.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wordpress-popular-posts/assets/js/ 1 KB
1 KB 245ms
31ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wordpress-popular-posts/assets/js/wpp-5.0.0.min.js?ver=5.1.0

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

191e2a2deb0b16b4e6c833685b15ab930c8eaeec228391f6b26bc1fcda208c7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 744
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 06 Apr 2020 12:41:04 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "5bf-5a29e948cf567-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK layerslider.kreaturamedia.jquery.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/framework/plug-ins/LayerSlider/js/ 25 KB
10 KB 254ms
33ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/framework/plug-ins/LayerSlider/js/layerslider.kreaturamedia.jquery.js?ver=3.5.0

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

bb15e076783b6ba0f44ce382e8a5a06775cb11f2f3f84f5067f3567188016c61

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 9464
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 22 Sep 2015 21:21:33 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "62ef-5205c95089140-gzip"
Vary: Accept-Encoding
X-Varnish: 423788725
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK jquery-easing-1.3.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/framework/plug-ins/LayerSlider/js/ 8 KB
2 KB 256ms
28ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/framework/plug-ins/LayerSlider/js/jquery-easing-1.3.js?ver=1.3.0

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d2bc9c513d50deb617981195a91d357c004688ae7a90962da29814385e168dea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:33 GMT
Server: nginx
X-Cacheable: YES
ETag: "2071-5205c95089140-gzip"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423784638
Connection: keep-alive
Content-Type: application/javascript
Vary: Accept-Encoding
Content-Length: 2005
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK date-stamp.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/date-stamp/ 1 KB
901 B 150ms
29ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/date-stamp/date-stamp.css

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

09f9269176e86a07cd9f52f45c0d75cdf6b02180c71bcb1bb2c01ee33a0c3bd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 456
X-XSS-Protection: 1;mode=block
Last-Modified: Wed, 15 Dec 2010 02:34:31 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "598-49769c6e37bc0-gzip"
Vary: Accept-Encoding
X-Varnish: 423785082 423777178
Content-Type: text/css
X-Cache-Hits: 1

GET
H2 200 ransomware-solutions-blog-template-style.css
www.trendmicro.com/vinfo/cloudlink/styles/ 4 KB
1 KB 92ms
28ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.trendmicro.com/vinfo/cloudlink/styles/ransomware-solutions-blog-template-style.css

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1b6a8ba260c8eb344ad40fadccadc8dd6752ed67318153676309febd6d83eb34

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 1061
x-prod-n-02: Yes
last-modified: Wed, 27 Jul 2016 05:50:13 GMT
server: nginx
x-frame-options: SAMEORIGIN
date: Sat, 09 May 2020 16:25:32 GMT
vary: Accept-Encoding
content-type: text/css
x-xss-protection: 1;mode=block
cache-control: max-age=553
etag: W/"4cb788becae7d11:0"
expires: Sat, 09 May 2020 16:34:45 GMT

GET
H/1.1 200
OK twitter.jpg
documents.trendmicro.com/images/TEx/blogicons/ 2 KB
2 KB 893ms
187ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/blogicons/twitter.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: d1695d8985b2411104b59085fcf35de39255e29ea68064e26bd3fb67116bbe42

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 26 Aug 2015 09:47:39 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "eea373fe4dfd01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 2201

GET
H/1.1 200
OK fb.jpg
documents.trendmicro.com/images/TEx/blogicons/ 2 KB
2 KB 891ms
185ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/blogicons/fb.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: be23dbb4ef534fb2fbdf640c70e9ebce16ddd32eff4235784b99bbed85696cf6

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 26 Aug 2015 09:47:44 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "fe5bc941e4dfd01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 2257

GET
H/1.1 200
OK in.jpg
documents.trendmicro.com/images/TEx/blogicons/ 2 KB
3 KB 889ms
183ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/blogicons/in.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 5e62e5f7ea3ee74d6430ce302b0c61d95e93d43a80a449447c64ba791065202c

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 26 Aug 2015 09:47:51 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "64623f46e4dfd01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 2416

GET
H/1.1 200
OK youtube.jpg
documents.trendmicro.com/images/TEx/blogicons/ 2 KB
2 KB 944ms
203ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/blogicons/youtube.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 90b34033918608d698be777640ea1c2a7e33e64229e10ae75cde40b8f4ac1ded

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 26 Aug 2015 09:48:00 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "3ef9f4be4dfd01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 2171

GET
H/1.1 200
OK rss.jpg
documents.trendmicro.com/images/TEx/blogicons/ 2 KB
2 KB 1072ms
183ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/blogicons/rss.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 1bc4f47bd64d3c1a5f131b2241ac870c4a497a59237b3187d35eeff93ccba167

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 26 Aug 2015 09:49:07 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "849f1973e4dfd01:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 2258

GET
H/1.1 200
OK blog-logo-2018.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2018/10/ 47 KB
48 KB 37ms
33ms Image
image/jpeg 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2018/10/blog-logo-2018.jpg

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

aa05b14bf4b4344109b83cb7e5d26a20591c298ded57d8168911f820bd2ec8fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 30 Oct 2018 03:39:37 GMT
Server: nginx
X-Cacheable: YES
ETag: "3e8eb2faff966a96e05fed40b9365e28"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423788730
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 48628
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK Ransomeware-200x200.jpg
blog.trendmicro.com/trendlabs-security-intelligence/files/2019/04/ 6 KB
6 KB 45ms
44ms Image
image/jpeg 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2019/04/Ransomeware-200x200.jpg

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f98dcf431f3332864b56d2a3fd52ae0ca260a4638a7a199158279f146eed3f82

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Apr 2019 04:30:58 GMT
Server: nginx
X-Cacheable: YES
ETag: "129bcaad6557fb61b1f17b798c30717d"
X-Frame-Options: SAMEORIGIN
X-Varnish: 834158519
Connection: keep-alive
Content-Type: image/jpeg
Content-Length: 5682
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK coldlock-1.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 9 KB
9 KB 36ms
36ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-1.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

a5334747b268c8aa6cef2be9cd8ceb3f62636bf509b32124e9ef7b5539e34b0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:37 GMT
Server: nginx
ETag: "208037906f4b647a180c7c17654c4958"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 9165
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-2.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 15 KB
15 KB 37ms
37ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-2.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

2dbc71f58138e245bfcdb54fec77467a32b9c3e8b4d9e7442aa122d984f94f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:29:02 GMT
Server: nginx
ETag: "085fb6882dd877c8fffe20b99c3c43bb"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 15029
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-3.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 18 KB
18 KB 48ms
48ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-3.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

9ae96ab0304e11b2087289d9597b04653737286c456f2d69a2f408e350df575f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:29:00 GMT
Server: nginx
ETag: "872d2ac3e3611af32c8342c1eb2ff999"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18292
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-4a-1024x362.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 164 KB
164 KB 34ms
34ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-4a-1024x362.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f62db0431252a733c9bdb2e3440e32d30912b486d2f6e5c7449a4a086d67f370

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 12:38:50 GMT
Server: nginx
ETag: "4b4d6f2907d6b13172c4f5d41f4ad78c"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Cache-Hits: 0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 167530
X-XSS-Protection: 1;mode=block
Expires: Sun, 10 May 2020 07:06:39 GMT

GET
H/1.1 200
OK coldlock-5.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 20 KB
21 KB 30ms
30ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-5.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ab78cb9ee20c50ccc237b0d1878a4fdbedb1981a2bbdac4ed071cdd40ea7f83c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:54 GMT
Server: nginx
ETag: "cb11523523f40d95e629b75302bfce56"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 20650
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-6.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 35 KB
36 KB 35ms
35ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-6.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

82342a88cd29d949e73b523b1e910dfec0b345ca0828a1ef4c150249cd08e01c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:51 GMT
Server: nginx
ETag: "76d908f544806bab4c256086598e8385"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36327
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-7.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 39 KB
40 KB 32ms
31ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-7.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

66cb96dce6495c4baf56c147060b654ab7ebb93c8428fb78be777805325890dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:48 GMT
Server: nginx
ETag: "f3768e704206e3a5c9407dbb3b7125d2"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 40033
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-8.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 8 KB
9 KB 36ms
35ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-8.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

b47398de689f61b7290fe5b3364dadcd661167edfac2ff8ab2e87af1fa86fb97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:46 GMT
Server: nginx
ETag: "9175f1e1f9a17643d7126d5f101a93ef"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8469
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-9.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 94 KB
95 KB 35ms
34ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-9.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

1fc0d38b9284ff9a74513fcf231ea74b94e51decbaf109c8b5d2a01a5c33492a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:44 GMT
Server: nginx
ETag: "f6cebeb63588421f9af97366d609119a"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 96410
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK coldlock-10.png
blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/ 8 KB
8 KB 31ms
30ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/files/2020/05/coldlock-10.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

4152a10de72f619cee83de413bb5c854f201a9fa30efe421655bf2d3a57426c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
X-Content-Type-Options: nosniff
Last-Modified: Wed, 06 May 2020 07:28:40 GMT
Server: nginx
ETag: "104fd64c3dc1a11dc22b9c7a17e0ac60"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
X-BlogDispatch: Yes
Cache-Control: max-age=900
Date: Sat, 09 May 2020 16:25:32 GMT
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 7831
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 0

GET
H/1.1 200
OK twemoji.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/ 27 KB
8 KB 32ms
32ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/twemoji.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

fd503ca2cb350bd8ecec266730289fd8a519faffe250b976f7963dc10bfd829c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 7870
X-XSS-Protection: 1;mode=block
Last-Modified: Fri, 20 Dec 2019 10:48:57 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "6c11-59a206cb60bf0-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK wp-emoji.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/ 9 KB
4 KB 44ms
43ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/wp-emoji.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 3441
X-XSS-Protection: 1;mode=block
Last-Modified: Mon, 06 Apr 2020 12:40:09 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "231d-5a29e91461632-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK say-no-to-ransomware.jpg
documents.trendmicro.com/images/TEx/articles/ 46 KB
46 KB 1060ms
188ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/articles/say-no-to-ransomware.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: e3ac5c56d0c3a6005ee7a9226a3470acd9acbfa64244cddabb899140c8a8f5d4

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Thu, 19 May 2016 08:03:54 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "43faf2fca4b1d11:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 47342

GET
H/1.1 200
OK related.css
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/yet-another-related-posts-plugin/style/ 647 B
823 B 28ms
28ms Stylesheet
text/css 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/yet-another-related-posts-plugin/style/related.css?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

6ca28839ba7e005b11dcf8d6de4c24f13f2cc988393ed7a570c41ee88ab092fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 322
X-XSS-Protection: 1;mode=block
Last-Modified: Tue, 28 Apr 2020 17:05:07 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=900
ETag: "287-5a45cd55e2ca5-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H/1.1 200
OK comment_count.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/disqus-comment-system/public/js/ 889 B
894 B 29ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 440
X-XSS-Protection: 1;mode=block
Last-Modified: Sun, 05 May 2019 15:40:28 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "379-58825cda5227a-gzip"
Vary: Accept-Encoding
X-Varnish: 503597485
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK comment_embed.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/disqus-comment-system/public/js/ 1 KB
960 B 33ms
30ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Cacheable: YES
Connection: keep-alive
Content-Length: 505
X-XSS-Protection: 1;mode=block
Last-Modified: Sun, 05 May 2019 15:40:28 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
ETag: "47e-58825cda5227a-gzip"
Vary: Accept-Encoding
X-Varnish: 2158157438
Accept-Ranges: bytes
Content-Type: application/javascript

GET
H/1.1 200
OK wp-embed.js Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/ 3 KB
2 KB 32ms
29ms Script
application/javascript 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/wp-embed.js?ver=5.4.1

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Strict-Transport-Security: max-age=15552000; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-BlogDispatch: Yes
Connection: keep-alive
Content-Length: 1267
X-XSS-Protection: 1;mode=block
Last-Modified: Sun, 05 May 2019 15:38:02 GMT
Server: nginx
X-Frame-Options: SAMEORIGIN
Date: Sat, 09 May 2020 16:25:32 GMT
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
ETag: "c8e-58825c4ec675d-gzip"
Accept-Ranges: bytes
X-Cache-Hits: 0

POST
H/1.1 401
Unauthorized popular-posts Show response
blog.trendmicro.com/trendlabs-security-intelligence/wp-json/wordpress-popular-posts/v1/ 118 B
627 B 1368ms
1368ms XHR
application/json 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-json/wordpress-popular-posts/v1/popular-posts
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/wordpress-popular-posts/assets/js/wpp-5.0.0.min.js?ver=5.1.0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-49-171.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: ed6a7c7c15db91f2b6ffbaec4ccb7be48bd7853833e3e3e642ccf701fa90f3de

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Date: Sat, 09 May 2020 16:25:34 GMT
Server: nginx
Vary: Origin
Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
Content-Type: application/json; charset=UTF-8
Access-Control-Allow-Origin: https://blog.trendmicro.com
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Access-Control-Allow-Credentials: true
Connection: close
X-Robots-Tag: noindex
Access-Control-Allow-Headers: Authorization, Content-Type
Content-Length: 118
X-Cache-Hits: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 69 KB
25 KB 23ms
22ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T8DW3SL

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3c61dd7ca00d1d302de06b14332f1d1917a9c9658526aa94d895cd6a42c04e88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25612
x-xss-protection: 0
last-modified: Sat, 09 May 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 May 2020 16:25:32 GMT

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 5 KB
2 KB 100ms
37ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&r=0.9828653413028332
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 934e86411602136888ebbc38aeffa74670103f3a5415b1e8a0bf7b8d1ef6d7b4

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: gzip
server: gfra1
content-type: application/javascript; charset=UTF-8
status: 200
timing-allow-origin: *
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
via: 1.1 google

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 74 KB
20 KB 728ms
633ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (lab/4FE4) /
Resource Hash: c24a3b2d36ec09e0740b0fa92babcf900e375955823be3b08859ed2e9d116776

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Mon, 15 Jul 2019 21:20:38 GMT
server: ECAcc (lab/4FE4)
age: 172
etag: "3896186793+gzip"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 20509
expires: Sat, 09 May 2020 16:30:33 GMT

GET
H/1.1 200
OK stripe_2e31600cd015b400066a279bc8148c33.png
blog.trendmicro.com/wp-content/uploads/2013/07/ 93 B
459 B 51ms
32ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/wp-content/uploads/2013/07/stripe_2e31600cd015b400066a279bc8148c33.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

670d2452df4e20e6a2371d8a48fbe1bde1e4664081f1f20b478095d0b14d8685

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/customCss.php?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 17 Jul 2013 19:56:49 GMT
Server: nginx
X-Cacheable: YES
ETag: "5d-4e1ba7e7b0240"
X-Frame-Options: SAMEORIGIN
X-Varnish: 2152824950
Connection: keep-alive
Content-Type: image/png
Content-Length: 93
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK darkSeperator.png
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/ 929 B
1 KB 90ms
44ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/darkSeperator.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

ec8ada9c249466cc83ead6cfea75ba0851281bb5a850b2009034d993e6449715

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/style.css?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:34 GMT
Server: nginx
X-Cacheable: YES
ETag: "3a1-5205c9517d380"
X-Frame-Options: SAMEORIGIN
X-Varnish: 426356294
Connection: keep-alive
Content-Type: image/png
Content-Length: 929
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK searchBg.png
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/ 1 KB
2 KB 55ms
36ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/searchBg.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

746908a1b935d3ca0005ab17e8504e642f42cf3ce177dac795d898f5637dc0cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/dynamicCss.php?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:34 GMT
Server: nginx
X-Cacheable: YES
ETag: "4ba-5205c9517d380"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423784547
Connection: keep-alive
Content-Type: image/png
Content-Length: 1210
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK searchBgHover.png
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/ 2 KB
2 KB 48ms
28ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/searchBgHover.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

7d902673f947b5f070302fb19d049ed9d81694895de23552603e2da56782466b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/dynamicCss.php?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:34 GMT
Server: nginx
X-Cacheable: YES
ETag: "795-5205c9517d380"
X-Frame-Options: SAMEORIGIN
X-Varnish: 426334826 426329189
Connection: keep-alive
Content-Type: image/png
Content-Length: 1941
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 2

GET
H/1.1 200
OK searchSubmit.png
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/ 2 KB
2 KB 78ms
29ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/searchSubmit.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

5f9eba6b4a09e7bbdfb3e9f52cc59625bb0a26854804928ffdf03c5ac2ad7d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/dynamicCss.php?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:34 GMT
Server: nginx
X-Cacheable: YES
ETag: "618-5205c9517d380"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423785087
Connection: keep-alive
Content-Type: image/png
Content-Length: 1560
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK postBubbles.png
blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/ 1 KB
2 KB 31ms
31ms Image
image/png 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/images/skins/minimal/postBubbles.png

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

005929580da46135c58cae0cbfcccd17e510aac10a27a3e674fb85ae4bee95c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/dynamicCss.php?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 22 Sep 2015 21:21:34 GMT
Server: nginx
X-Cacheable: YES
ETag: "587-5205c9517d380"
X-Frame-Options: SAMEORIGIN
X-Varnish: 498918543
Connection: keep-alive
Content-Type: image/png
Content-Length: 1415
X-XSS-Protection: 1;mode=block

GET
H/1.1 200
OK TM-predictions-2020-page-cover-thumb.jpg
documents.trendmicro.com/images/TEx/articles/ 219 KB
219 KB 834ms
181ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/articles/TM-predictions-2020-page-cover-thumb.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 2f91858733fcccdcb9035e7c59c0762aa90388632e6e399cb65dda0b36572e55

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Tue, 19 Nov 2019 06:28:45 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "21235498a29ed51:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 224283

GET
H/1.1 200
OK sidebar-business-process-co.jpg
documents.trendmicro.com/images/TEx/articles/ 45 KB
46 KB 837ms
183ms Image
image/jpeg 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/articles/sidebar-business-process-co.jpg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: f368605bd5e23568ed3e0568d70b9b1d039b82059e5e199335d059c4e400bee4

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 03 May 2017 08:32:09 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "475b79c1e7c3d21:0"
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 46571

GET
H/1.1 200
OK mailIcon.png
documents.trendmicro.com/images/TEx/blogicons/ 3 KB
3 KB 187ms
187ms Image
image/png 150.70.178.131
AS2-TRENDMICRO-COM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://documents.trendmicro.com/images/TEx/blogicons/mailIcon.png
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_CBC
Server: 150.70.178.131 , Japan, ASN16880 (AS2-TRENDMICRO-COM, US),
Reverse DNS: sjc1-te-ftp.trendmicro.com
Software: Microsoft-IIS/7.5 / ASP.NET
Resource Hash: 17dbeff08f1c2770ec37f9edf909627395215a93ac4d8c0307eaac9a4cab49b8

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/customCss.php?ver=5.4.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Last-Modified: Wed, 26 Aug 2015 09:50:58 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
ETag: "6829cdb5e4dfd01:0"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 2651

GET
H/1.1 200
OK e9258aa9-8d38-4395-b7e7-e18df29986f1-3.woff
blog.trendmicro.com/font/Interstate-Light/ 68 KB
68 KB 36ms
32ms Font
application/font-woff 23.37.49.171
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.trendmicro.com/font/Interstate-Light/e9258aa9-8d38-4395-b7e7-e18df29986f1-3.woff

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.37.49.171 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-37-49-171.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

beb4690cf911f555766083248e81809736077be198a40edad9868c9e4469ca65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/themes/inspiredTrendLabs/css/customCss.php?ver=5.4.1
Origin: https://blog.trendmicro.com

Response headers

X-Dispatcher: Yes
Date: Sat, 09 May 2020 16:25:32 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 18 Sep 2014 19:08:14 GMT
Server: nginx
X-Cacheable: YES
ETag: "1105c-5035bb4d02380"
X-Frame-Options: SAMEORIGIN
X-Varnish: 423785060 423777848
Connection: keep-alive
Content-Type: application/font-woff
Content-Length: 69724
X-XSS-Protection: 1;mode=block
X-Cache-Hits: 14

GET
H2 200 ga.js Show response
ssl.google-analytics.com/ 45 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.google-analytics.com/ga.js

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 6996
date: Sat, 09 May 2020 14:28:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17168
expires: Sat, 09 May 2020 16:28:56 GMT

GET
H2 200 main.js Show response
m9m6e2w5.stackpathcdn.com/v2/e463a561/ 140 KB
40 KB 155ms
52ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/main.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 5eff54495ee918c52be1b5464755add10db4af7435ec5c5569b111a0e3fb430c

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: gzip
last-modified: Tue, 05 May 2020 16:05:35 GMT
server: nginx
x-amz-request-id: 30DCB0F0F588609F
etag: "ab829dcd5287a5ef8f585c912dc2641d"
x-hw: 1589041532.cds021.pa1.hn,1589041532.cds009.pa1.c
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 40906
x-amz-id-2: TUqB3CTkKUVRq13fqLp2NBSQ28A+zFv6id1pVe+p2VC7SeP4C/rImPZFTZ7uIOhYCbl3dHEcB/o=

GET
H2 200 f9f1a771608a24e84c49a8532e282dc1.json Show response
www.shareaholic.net/config/ 4 KB
2 KB 394ms
131ms XHR
application/json 3.93.188.41
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://www.shareaholic.net/config/f9f1a771608a24e84c49a8532e282dc1.json
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 3.93.188.41 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-93-188-41.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 53b91412b12f7724d162cd9d66b44ace39259b2bcb7500504c203df6e284e5fc

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-client-geo-country: CH,Switzerland
date: Fri, 08 May 2020 17:52:11 GMT
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
status: 200
access-control-allow-methods: GET, HEAD
content-length: 1124
server: nginx
x-client-geo-region: ZH,Zurich
x-client-geo-metrocode
etag: W/"53b91412b12f7724d162cd9d66b44ace"
access-control-max-age: 2000
x-client-geo-city: Zurich
x-varnish: 3243580 1045220074
via: 1.1 varnish (Varnish/6.0)
access-control-expose-headers: Etag, Access-Control-Allow-Origin, x-client-geo-latlong, x-client-geo-country, x-client-geo-city, x-client-geo-zip, x-client-geo-region, x-client-geo-metrocode
cache-control: max-age=3, public, must-revalidate
x-client-geo-zip: 8010
accept-ranges: bytes
content-type: application/json
access-control-allow-headers: *
x-client-geo-latlong: 47.392500,8.454600

GET
H2 200 __utm.gif
ssl.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:820::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1897439914&utmhn=blog.trendmicro.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1585x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&utmhid=2007336349&utmr=-&utmp=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&utmht=1589041532815&utmac=UA-137644-6&utmcc=__utma%3D247958868.812380423.1589041533.1589041533.1589041533.1%3B%2B__utmz%3D247958868.1589041533.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1408175672&utmredir=1&utmu=HAAAAAAAAAAAAAAAAAAAAAAE~

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK count.js Show response
trendlabs.disqus.com/ 1 KB
1 KB 94ms
29ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://trendlabs.disqus.com/count.js

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 1968402
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 16 Apr 2020 19:48:14 GMT
Server: nginx
ETag: "5e98b67e-367"
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect

GET
H/1.1 200
OK embed.js Show response
trendlabs.disqus.com/ 66 KB
22 KB 406ms
337ms Script
application/javascript 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://trendlabs.disqus.com/embed.js

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.17

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

facbc08fab61c01d69c3137a7036b4c27cd04f188cf5104a71766d694b6e281a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 22078

GET
H2 200 va-8e0fa9f7c908b86e7cda75835c0e82d3.js Show response
dev.visualwebsiteoptimizer.com/6.0/ 193 KB
56 KB 123ms
59ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/6.0/va-8e0fa9f7c908b86e7cda75835c0e82d3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&r=0.9828653413028332
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: 58405d4812cd660eddcf5e03bf9da20f5d0f5d3f8c3c4c2923d1e505c734a4e6

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Origin: https://blog.trendmicro.com

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: br
last-modified: Wed, 06 May 2020 03:30:47 GMT
server: gfra1
status: 200
etag: "5eb22f67-defa"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57082
via: 1.1 google

GET
H2 200 track-8e0fa9f7c908b86e7cda75835c0e82d3.js Show response
dev.visualwebsiteoptimizer.com/6.0/ 11 KB
4 KB 97ms
34ms Script
text/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/6.0/track-8e0fa9f7c908b86e7cda75835c0e82d3.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&r=0.9828653413028332
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: f524ff58c404da0a3d4ed8367b452f604d53be5304649d6d3b018ea40dbf767b

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Origin: https://blog.trendmicro.com

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: br
last-modified: Wed, 06 May 2020 03:30:47 GMT
server: gfra1
status: 200
etag: "5eb22f67-e12"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3602
via: 1.1 google

GET
H2 200 opa-a4111607dc5ce718c2993c75e25e5d78.js Show response
dev.visualwebsiteoptimizer.com/analysis/3.0/ 85 KB
22 KB 98ms
34ms Script
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/3.0/opa-a4111607dc5ce718c2993c75e25e5d78.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=215154&u=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&r=0.9828653413028332
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: b064443aa42bbd5016b9e0bf1ee513bf5b6325235e51c935a0babed0e9a0e661

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Origin: https://blog.trendmicro.com

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: br
last-modified: Tue, 05 May 2020 03:16:50 GMT
server: gfra1
status: 200
etag: "5eb0daa2-5711"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22289
via: 1.1 google

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
218 B 118ms
118ms Image
image/gif 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=215154&d=trendmicro.com&u=D6FB83D7109C689A53081E44CA7B5F369&h=06e5f3ee52e0de5f51646068a42e6717&t=false&r=0.704655746695811

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv1-c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:32 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv1-c
content-type: image/gif
status: 200
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 5353
date: Sat, 09 May 2020 14:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Sat, 09 May 2020 16:56:19 GMT

POST
H2 200 e
analytics.shareaholic.com/ 43 B
640 B 382ms
129ms Other
image/gif 54.87.159.104
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.shareaholic.com/e

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/main.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.87.159.104 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-87-159-104.compute-1.amazonaws.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Content-Security-Policy	referrer always

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
status: 200
vary: Origin
p3p: CP="OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC"
access-control-allow-origin: https://blog.trendmicro.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
referer-policy: unsafe-url
content-security-policy: referrer always
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 worker-1acd6955248e984d8c16ea37afb8cbb7.js Show response
dev.visualwebsiteoptimizer.com/analysis/ 47 KB
13 KB 32ms
32ms XHR
application/javascript 34.96.102.137
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/analysis/worker-1acd6955248e984d8c16ea37afb8cbb7.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/analysis/3.0/opa-a4111607dc5ce718c2993c75e25e5d78.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gfra1 /
Resource Hash: e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:32 GMT
content-encoding: br
last-modified: Mon, 16 Mar 2020 04:40:32 GMT
server: gfra1
status: 200
etag: "5e6f0340-351f"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=604800
accept-ranges: bytes
alt-svc: h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13599
via: 1.1 google

GET
H2 200 sharebuttons.js Show response
m9m6e2w5.stackpathcdn.com/v2/e463a561/ 147 KB
33 KB 54ms
53ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/sharebuttons.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: e6d8caf1a68e05d2debe0450cbd444dff6c02692dc6f83659767413b43e94f6d

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Tue, 05 May 2020 16:05:35 GMT
server: nginx
x-amz-request-id: DA903ED0FF6E4FB6
etag: "c6e579f7a9be59e919e0d12722c63dc6"
x-hw: 1589041533.cds021.pa1.hn,1589041533.cds036.pa1.c
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 33321
x-amz-id-2: SOnFCx20KkxpchLXkcvVvemmrNsvvjpjob0ZZXL+0nxUX7GcvmXfzPZgpjTfljFjAPUb2PYTF4E=

GET
H2 200 affiliatelinks.js Show response
m9m6e2w5.stackpathcdn.com/v2/e463a561/ 993 B
788 B 62ms
61ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/affiliatelinks.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 86eeb624613debbef686caa048690a01896776553a1b0401131285903a20f0c5

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Tue, 05 May 2020 16:05:34 GMT
server: nginx
x-amz-request-id: 484DF0B3553D4006
etag: "aafdef79b0043695b33484bbc935eae8"
x-hw: 1589041533.cds021.pa1.hn,1589041533.cds028.pa1.c
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 584
x-amz-id-2: 0ocTurK27MKgtdwS/8V+u1wG6ws0raoSBV7jFKU+ZI7Ayrn7XyZoFlVsewCdxhqskyI3mBEFlRY=

GET
H2 200 adminbadgei.js Show response
m9m6e2w5.stackpathcdn.com/v2/e463a561/ 18 KB
4 KB 61ms
60ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/adminbadgei.js
Requested by: Host: cdn.shareaholic.net
URL: https://cdn.shareaholic.net/assets/pub/shareaholic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: c92b6b5b0a0b5d8d904e4df3ea0d1e998641db9cdcfcd27e09d268339654e73c

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Tue, 05 May 2020 16:05:34 GMT
server: nginx
x-amz-request-id: 7BC2BD1213E24946
etag: "1b42a53bf82893d3ab4b34429553d85d"
x-hw: 1589041533.cds021.pa1.hn,1589041533.cds030.pa1.c
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3840
x-amz-id-2: O5/Dmot35KwpPzpiKqJza1cFFaqYw4We6zlgQdi6OD4ROX3dMPtST9QL6Q4odcGcEnGGgj1SFxE=

GET
H2 200 partners.js Show response
partner.shareaholic.com/ 4 KB
2 KB 436ms
190ms Script
application/javascript 107.20.140.231
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&cl=en-US&id_sync=9a549e00-6e51-45d8-8039-3ed40c05936e&minify=1&pvs=1&site=f9f1a771608a24e84c49a8532e282dc1
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 107.20.140.231 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-107-20-140-231.compute-1.amazonaws.com
Software: /
Resource Hash: 7fe4a76248b2a7e420fd86bf2a4f6cf14fb8aaaa73ba28cecbf97dd456445d84

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
vary: Accept-Encoding, User-Agent
p3p: CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: application/javascript;charset=utf-8
content-length: 1180
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 lounge.9a11b91b20ca66d0cf6475e0f5c1ab1a.css
c.disquscdn.com/next/embed/styles/ 0
21 KB 47ms
28ms Other
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.9a11b91b20ca66d0cf6475e0f5c1ab1a.css

Requested by

Host: trendlabs.disqus.com
URL: https://trendlabs.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1340206
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 21824
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 16 Apr 2020 22:27:01 GMT
server: cloudflare
etag: "5e98dbb5-5540"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 029bdaa95c0000175ef8ada200000001
accept-ranges: bytes
cf-ray: 590cc6eefab0175e-FRA
expires: Fri, 16 Apr 2021 22:40:09 GMT

GET
H2 200 common.bundle.f9554506a08a1cc2b021f0dfc3f59ebb.js
c.disquscdn.com/next/embed/ 0
89 KB 35ms
16ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.f9554506a08a1cc2b021f0dfc3f59ebb.js

Requested by

Host: trendlabs.disqus.com
URL: https://trendlabs.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1964720
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 90432
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Thu, 16 Apr 2020 22:27:00 GMT
server: cloudflare
etag: "5e98dbb4-16140"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 029bdaa95c0000175ef8adb200000001
accept-ranges: bytes
cf-ray: 590cc6eefab3175e-FRA
expires: Fri, 16 Apr 2021 22:40:09 GMT

GET
H2 200 lounge.bundle.3130273e39cea7ac6e72980ac388e5e0.js
c.disquscdn.com/next/embed/ 0
109 KB 42ms
22ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.3130273e39cea7ac6e72980ac388e5e0.js

Requested by

Host: trendlabs.disqus.com
URL: https://trendlabs.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 333642
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 110841
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 05 May 2020 19:28:36 GMT
server: cloudflare
etag: "5eb1be64-1b0f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-request-id: 029bdaa95c0000175ef8adc200000001
accept-ranges: bytes
cf-ray: 590cc6eefab6175e-FRA
expires: Wed, 05 May 2021 19:44:50 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
7 KB 116ms
38ms Other
application/javascript 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: trendlabs.disqus.com
URL: https://trendlabs.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 24
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 6222
X-XSS-Protection: 1; mode=block

GET
H2 200 logo.svg
m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/ 743 B
575 B 52ms
52ms Image
image/svg+xml 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/images_0ecbeeff/badge/logo.svg
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Wed, 22 Apr 2020 15:49:01 GMT
server: nginx
x-amz-request-id: 4105F5D1DD1008E2
etag: "83eda2388bc041d5d753201754724793"
x-hw: 1589041533.cds021.pa1.hn,1589041533.cds024.pa1.c
content-type: image/svg+xml
status: 200
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 360
x-amz-id-2: DYUb/1zQCXuhDD5X/1smJJR/2YZQ9vwAqrl9Yg3VwD4RDxkbPtr/TodSPllpsEURQvG0UPdEc0U=

GET
H2 200 vglnk.js Show response
cdn.viglink.com/api/ 79 KB
28 KB 49ms
23ms Script
text/javascript 2606:4700::6810:a20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.viglink.com/api/vglnk.js
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/main.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 568a502aa767d3c49d8d68d6a7f5a88e2ed15bff9a64be1161d7b5fa3a698c2a

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 243105
cf-ray: 590cc6ef49b33240-FRA
status: 200
content-length: 27910
x-amz-id-2: gPU9dqMsYdA/iRe28bp6oqh7yEkHXLIfgVveEMU21yaz4FFozdzuiVOzGrZdCXbqEq7iyBBT9IY=
last-modified: Wed, 06 May 2020 20:52:12 GMT
server: cloudflare
etag: "9256e55574004d03413b6e92d0dec1d5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: 53FFB5C678F2DBE9
cache-control: public, max-age=1800
cf-request-id: 029bdaa9890000324004833200000001
accept-ranges: bytes
content-type: text/javascript
expires: Sat, 09 May 2020 16:55:33 GMT

GET
H2 200 shareaholic-icons.woff
m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/ 20 KB
20 KB 181ms
96ms Font
font/woff 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://m9m6e2w5.stackpathcdn.com/v2/fonts_0ecbeeff/shareaholic-icons.woff
Requested by: Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/sharebuttons.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 Dallas, United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: 21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Origin: https://blog.trendmicro.com

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Wed, 22 Apr 2020 15:49:01 GMT
server: nginx
x-amz-request-id: AA9912EF1163CD0E
etag: "0e26e8e2b7a79ff2a9e9fe9ef5382e6d"
x-hw: 1589041533.cds037.pa1.hn,1589041533.cds002.pa1.c
content-type: font/woff
status: 200
cache-control: max-age=31536000, public
x-hello-human: Join the fun! Apply at www.shareaholic.com/jobs
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20572
x-amz-id-2: Ju9N2k3lIBpVugoOuM36nGCvVilZC4YbEIA3J9A0qBVaB+ofuqqmn2OpklmIBr+jqEu1SqN7GJw=

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 9663 0
0 194ms
194ms Document
text/html 151.101.0.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=trendlabs&t_i=87278%20https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2F%3Fp%3D87278&t_u=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&t_e=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations&t_d=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&t_t=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations&s_o=default

Requested by

Host: trendlabs.disqus.com
URL: https://trendlabs.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.0.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Response headers

Connection: keep-alive
Content-Length: 2664
Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Wed, 06 May 2020 12:00:50 GMT
ETag: W/"lounge:view:8010171090.99aeb13eede85e997428bcb277511106.2"
Content-Encoding: gzip
Date: Sat, 09 May 2020 16:25:33 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
129 B 25ms
24ms Image
image/gif 2606:4700::6810:a20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=1&rn=7.167987989940131
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
cf-cache-status: HIT
age: 9
cf-ray: 590cc6effbda3240-FRA
status: 200
content-length: 43
x-amz-id-2: rBbSB6Y9+isukYJ5QJyJH3U1owlMeCQi5Hs8Qo36erM/4+6DvjHoX4QkixIc+HhxHuv1Npvook0=
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: DD7631AE1A3CAA3D
cache-control: max-age=15, must-revalidate
cf-request-id: 029bdaa9fc0000324004839200000001
accept-ranges: bytes
content-type: image/gif

GET
H2 200 pixel.gif
cdn.viglink.com/images/ 43 B
291 B 19ms
18ms Image
image/gif 2606:4700::6810:a20d
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.viglink.com/images/pixel.gif?ch=2&rn=7.167987989940131
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6810:a20d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
cf-cache-status: HIT
age: 9
cf-ray: 590cc6effbdd3240-FRA
status: 200
content-length: 43
x-amz-id-2: rBbSB6Y9+isukYJ5QJyJH3U1owlMeCQi5Hs8Qo36erM/4+6DvjHoX4QkixIc+HhxHuv1Npvook0=
last-modified: Tue, 10 Feb 2015 03:29:39 GMT
server: cloudflare
etag: "221d8352905f2c38b3cb2bd191d630b0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: DD7631AE1A3CAA3D
cache-control: max-age=15, must-revalidate
cf-request-id: 029bdaa9fc000032400483a200000001
accept-ranges: bytes
content-type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 239 B
567 B 62ms
48ms Fetch
application/json 2a03:2880:f01c:800e:face:b00c:0:2
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?fields=og_object%7Bengagement%7Bcount%7D%7D&id=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F

Requested by

Host: m9m6e2w5.stackpathcdn.com
URL: https://m9m6e2w5.stackpathcdn.com/v2/e463a561/main.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83b6156cc083bff93b2794110a10cfa159379accb8bec32fa49ce3daa55b5cfb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
etag: "eeca9d6438db095c21ba65e0ee075bc7bff2c8ef"
status: 200
x-fb-rev: 1002106946
content-length: 171
pragma: no-cache
x-fb-debug: ZoAwNySmJK9WpAhiqwbpketqGugFARCHZKYtNAZRS3W7PzMZsG+ss4hxw72pjrrE12mpOXd6A/Oj0SPkPOkC7A==
x-fb-trace-id: EuNSiVi5c01
date: Sat, 09 May 2020 16:25:33 GMT
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AHP0N8LB3_5TeKAydOyuiM6
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v3.0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 43ms
21ms Script
application/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

d548a9f91441aadb04287c2fca64b6da0a385c05c6e822978a6e2a79660cb1c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
content-type: application/javascript
status: 200
cache-control: no-cache
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H2 200 utag.69.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 2 KB
1 KB 33ms
33ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.69.js?utv=201610132134
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6CD9) /
Resource Hash: db3e8095381fb06bb6455b36c78beb4c8f1f6e3c2ef1483f97a8ec151704e6c6

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Thu, 17 Mar 2016 21:48:18 GMT
server: ECAcc (mil/6CD9)
age: 238704
etag: "75691613"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1005
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.95.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 2 KB
1 KB 35ms
34ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.95.js?utv=201907152120
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6BBD) /
Resource Hash: 3ea0cc3de98565f804dc441a45d45c615a475740a03da4d2574121fe65f10706

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Mon, 15 Jul 2019 21:20:38 GMT
server: ECAcc (mil/6BBD)
age: 239036
etag: "2121001460"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1056
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.9.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 3 KB
1 KB 38ms
37ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.9.js?utv=201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6BB0) /
Resource Hash: a1e2acedcc157bed6106061b1177d4de9102e7cb711fd74df49be5df56caecd2

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Thu, 25 Feb 2016 17:36:53 GMT
server: ECAcc (mil/6BB0)
age: 238706
etag: "3548890436"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1384
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.18.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 2 KB
1 KB 38ms
37ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.18.js?utv=201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6BA5) /
Resource Hash: d2e8734e842f89489fa5bece0e3f613ba1c16ba2f12607a3cc0c38ff43413639

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Thu, 25 Feb 2016 17:36:52 GMT
server: ECAcc (mil/6BA5)
age: 234382
etag: "1732758884"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1024
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.92.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 23 KB
6 KB 35ms
34ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.92.js?utv=201902141818
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C1D) /
Resource Hash: 66561088efad00a5b856bbf459e42544bb596936943fbe3b0f8d7b6718608046

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Thu, 14 Feb 2019 18:19:04 GMT
server: ECAcc (mil/6C1D)
age: 239037
etag: "636828306"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5736
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.43.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 2 KB
1017 B 39ms
38ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.43.js?utv=201510262117
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C24) /
Resource Hash: 9ea952c31d6d8c4c58481c338636f2424ee8ba8dfb6289645c0f1a3b2673698e

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Thu, 25 Feb 2016 17:36:54 GMT
server: ECAcc (mil/6C24)
age: 239037
etag: "2942818274"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 923
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.75.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 3 KB
2 KB 39ms
38ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.75.js?utv=201608171750
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C9C) /
Resource Hash: 18a5b957a8ccd83f466eb7dde5fc616bb00c0be8b660f4c729c3dd41e1e8249a

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Wed, 17 Aug 2016 17:50:02 GMT
server: ECAcc (mil/6C9C)
age: 239037
etag: "4185047894"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 1452
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 utag.91.js Show response
tags.tiqcdn.com/utag/trendmicro/nabu/prod/ 10 KB
3 KB 39ms
38ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.91.js?utv=201709142001
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6C7C) /
Resource Hash: 0819ab8b8211e99514e2b34bab24ae6d718e9f3d9ff3f7eae19380d293c77cc6

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Thu, 14 Sep 2017 20:00:52 GMT
server: ECAcc (mil/6C7C)
age: 239037
etag: "1191131356"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 2501
expires: Sun, 24 May 2020 16:25:33 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:81f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C700italic%2C400%2C700&ver=2.3.1
Origin: https://blog.trendmicro.com

Response headers

date: Wed, 06 May 2020 00:50:17 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 315316
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9132
x-xss-protection: 0
expires: Thu, 06 May 2021 00:50:17 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 342 KB
40 KB 49ms
49ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

304219d446a942af8ca4d11d14c002f44791e3834c95a8ff34bc79d4c4f7cba2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: br
vary: Accept-Encoding
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40644
x-xss-protection: 0
last-modified: Sat, 09 May 2020 15:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 09 May 2020 16:25:33 GMT

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflcv97xo/ 68 KB
25 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflcv97xo/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cb7b1d2879140cf195c9413693e8b5deb87e3e350c9ab8b33989172a3de77d2b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 07 May 2020 21:50:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 153283
status: 200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25540
x-xss-protection: 0
last-modified: Thu, 07 May 2020 18:54:52 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 15 May 2020 21:50:50 GMT

GET
H2 200 be_ixf_js_sdk.js Show response
cdn.bc0a.com/ 46 KB
19 KB 130ms
41ms Script
application/javascript 35.201.125.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bc0a.com/be_ixf_js_sdk.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.95.js?utv=201907152120
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.125.192 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS: 192.125.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 6d8dbab1ec193ec8700dab228e8efb9803ae9eb3625c92e1e1b93ebf7c92f275

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-goog-meta-sdk_version: 1.2.7
date: Sat, 09 May 2020 16:16:41 GMT
content-encoding: gzip
age: 532
status: 200
x-goog-meta-custom: false
x-guploader-uploadid: AAANsUkfnoyHbTGm0rJ1xWmSXKeeIqjB_BIx4NN0H9j-k7Jigc-g65p5Cv7f_GbTP7OI7uA3s393HnAy9Sf04MHMh4buR6v6Zg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
x-goog-meta-publishingdate: 2020-05-05 19:39:04
alt-svc: clear
content-length: 14678
access-control-allow-origin: *
last-modified: Tue, 05 May 2020 19:39:04 GMT
server: UploadServer
etag: "df4e0702e6479ea1f62484b29ec678c7"
vary: Accept-Encoding
x-goog-hash: crc32c=VKyY1A==, md5=304HAuZHnqH2JISynsZ4xw==
content-language: en
x-goog-generation: 1588707544716432
x-goog-meta-marvel_api_accounts: {"f00000000114898":{"data-testmode":false,"data-customerid":"f00000000114898"},"f00000000190864":{"data-testmode":false,"data-customerid":"f00000000190864"},"f00000000192973":{"data-testmode":true,"data-customerid":"f00000000192973"},"f00000000063676":{"data-testmode":false,"data-customerid":"f00000000063676","data-cname":"images.closetworks.com"},"f00000000113338":{"data-testmode":false,"data-customerid":"f00000000113338"},"f00000000000123":{"data-testmode":true,"data-customerid":"f00000000000123"},"f00000000188074":{"data-testmode":true,"data-customerid":"f00000000188074"},"f00000000181093":{"data-testmode":true,"data-customerid":"f00000000181093"},"f00000000105991":{"data-testmode":true,"data-customerid":"f00000000105991"},"f00000000177517":{"data-testmode":true,"data-customerid":"f00000000177517"},"f00000000097438":{"data-testmode":false,"data-customerid":"f00000000097438"},"f00000000136490":{"data-testmode":false,"data-customerid":"f00000000136490"},"f00000000168442":{"data-testmode":true,"data-customerid":"f00000000168442"},"f00000000188077":{"data-url":"valuemyweb.com/exclude/testing/","data-testmode":false,"data-customerid":"f00000000188077","data-cname":"images-cdn.brightedge.com"},"f00000000025882":{"data-testmode":true,"data-customerid":"f00000000025882"},"f00000000193426":{"data-testmode":false,"data-customerid":"f00000000193426"},"f00000000166744":{"data-testmode":true,"data-customerid":"f00000000166744"},"f00000000043431":{"data-testmode":false,"data-customerid":"f00000000043431"},"f00000000052793":{"data-testmode":true,"data-customerid":"f00000000052793"},"f00000000184714":{"data-testmode":false,"data-customerid":"f00000000184714"},"f00000000160681":{"data-testmode":true,"data-customerid":"f00000000160681"},"f00000000192166":{"data-testmode":false,"data-customerid":"f00000000192166"},"f00000000154978":{"data-testmode":true,"data-customerid":"f00000000154978"},"f00000000188974":{"data-testmode":false,"data-customerid":"f00000000188974"},"f00000000181462":{"data-testmode":true,"data-customerid":"f00000000181462"},"f00000000114850":{"data-testmode":true,"data-customerid":"f00000000114850"},"f00000000115225":{"data-testmode":true,"data-customerid":"f00000000115225"},"f00000000114853":{"data-testmode":true,"data-customerid":"f00000000114853"},"f00000000189529":{"data-testmode":false,"data-customerid":"f00000000189529"},"f00000000161092":{"data-testmode":true,"data-customerid":"f00000000161092"},"f00000000102775":{"data-testmode":true,"data-customerid":"f00000000102775"},"f00000000192619":{"data-testmode":false,"data-customerid":"f00000000192619"},"f00000000184177":{"data-testmode":false,"data-customerid":"f00000000184177"},"f00000000103447":{"data-testmode":true,"data-customerid":"f00000000103447"},"f00000000124363":{"data-testmode":false,"data-customerid":"f00000000124363"},"f00000000135469":{"data-testmode":true,"data-customerid":"f00000000135469"},"f00000000168916":{"data-testmode":true,"data-customerid":"f00000000168916"},"f00000000116746":{"data-testmode":true,"data-customerid":"f00000000116746"},"f00000000191929":{"data-testmode":true,"data-customerid":"f00000000191929"},"f00000000189262":{"data-testmode":true,"data-customerid":"f00000000189262"},"f00000000016565":{"data-testmode":true,"data-customerid":"f00000000016565"},"f00000000120703":{"data-testmode":true,"data-customerid":"f00000000120703"},"f00000000167779":{"data-testmode":true,"data-customerid":"f00000000167779"},"f00000000191638":{"data-testmode":true,"data-customerid":"f00000000191638"},"f00000000184312":{"data-testmode":false,"data-customerid":"f00000000184312"},"f00000000114298":{"data-testmode":true,"data-customerid":"f00000000114298"},"f00000000178855":{"data-testmode":true,"data-customerid":"f00000000178855"},"f00000000117406":{"data-testmode":false,"data-customerid":"f00000000117406"},"f00000000154006":{"data-testmode":true,"data-customerid":"f00000000154006"},"f00000000072832":{"data-testmode":false,"data-customerid":"f00000000072832"},"f00000000192229":{"data-testmode":true,"data-customerid":"f00000000192229"},"f00000000146701":{"data-testmode":true,"data-customerid":"f00000000146701"},"f00000000119260":{"data-testmode":false,"data-customerid":"f00000000119260"},"f00000000185470":{"data-testmode":false,"data-customerid":"f00000000185470"},"f00000000082522":{"data-testmode":true,"data-customerid":"f00000000082522"},"f00000000110071":{"data-testmode":true,"data-customerid":"f00000000110071"},"f00000000118177":{"data-testmode":false,"data-customerid":"f00000000118177"},"f00000000117526":{"data-testmode":false,"data-customerid":"f00000000117526"},"f00000000114847":{"data-testmode":true,"data-customerid":"f00000000114847"},"f00000000169432":{"data-testmode":true,"data-customerid":"f00000000169432"},"f00000000184762":{"data-testmode":false,"data-customerid":"f00000000184762"},"f00000000114841":{"data-testmode":true,"data-customerid":"f00000000114841"},"f00000000046606":{"data-testmode":true,"data-customerid":"f00000000046606"},"f00000000069367":{"data-testmode":true,"data-customerid":"f00000000069367"},"f00000000068608":{"data-testmode":false,"data-customerid":"f00000000068608"},"f00000000148084":{"data-testmode":false,"data-customerid":"f00000000148084"},"f00000000187147":{"data-testmode":true,"data-customerid":"f00000000187147"},"f00000000188002":{"data-testmode":false,"data-customerid":"f00000000188002"},"f00000000193222":{"data-testmode":false,"data-customerid":"f00000000193222"},"f00000000185851":{"data-testmode":false,"data-customerid":"f00000000185851"},"f00000000194338":{"data-testmode":true,"data-customerid":"f00000000194338"},"f00000000188338":{"data-testmode":false,"data-customerid":"f00000000188338"},"f00000000044220":{"data-testmode":true,"data-customerid":"f00000000044220"}}
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 14678
accept-ranges: bytes
content-type: application/javascript
expires: Sat, 09 May 2020 17:16:41 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 124ms
39ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: c7d7214a0b940c1ffcbd64689a576c5847b42e886da3ad9ea45bc4cda214bac8

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Last-Modified: Fri, 03 Apr 2020 02:45:45 GMT
Server: Apache
ETag: "aa520b8aca3502dbdbf62462e6f4be67:1585881945"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 751

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 28 KB
11 KB 49ms
48ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.9.js?utv=201510262117

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

20f2b7c4f6f460542ac14424e621a9aa42dbdd98447feb325b3e81e322598860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 10882
x-xss-protection: 0
server: cafe
etag: 5410868192711959244
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Sat, 09 May 2020 16:25:33 GMT

GET
H2 200 revenuepulse-lib-v3.js Show response
resources.trendmicro.com/rs/945-CXD-062/images/ 2 KB
1 KB 243ms
151ms Script
application/x-javascript 104.17.72.206
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://resources.trendmicro.com/rs/945-CXD-062/images/revenuepulse-lib-v3.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

104.17.72.206 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200
content-length: 695
cf-request-id: 029bdaaafa0000cc3a65829200000001
last-modified: Sat, 11 Apr 2020 02:54:36 GMT
server: cloudflare
etag: "4a73a6-6f3-5a2faf868e8f8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: public, max-age=60
accept-ranges: bytes
cf-ray: 590cc6f19ac3cc3a-ZRH
expires: Sat, 09 May 2020 16:26:33 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 111ms
29ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.91.js?utv=201709142001
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
age: 68048
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4036-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1589041534.678850,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 15:42:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2569
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1306
x-xss-protection: 0
expires: Sat, 09 May 2020 16:42:44 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
954 B 7ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 15:38:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 22 Oct 2019 18:15:00 GMT
server: sffe
age: 2829
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Sat, 09 May 2020 16:38:24 GMT

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 3 KB
2 KB 53ms
9ms Script
application/x-javascript 2a02:26f0:10c:399::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.43.js?utv=201510262117
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:399::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=44047
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
110 B 40ms
37ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=trendmicro/nabu/201907152120&cb=1589041533621
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/trendmicro/nabu/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (mil/6BBD) /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
last-modified: Thu, 14 Apr 2016 16:59:33 GMT
server: ECAcc (mil/6BBD)
age: 1535053
etag: "2243872957"
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Sat, 09 May 2020 16:35:33 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
102 B 7ms
5ms Image
image/gif 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j82&a=2007336349&t=pageview&_s=1&dl=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&ul=en-us&de=UTF-8&dt=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_utma=247958868.812380423.1589041533.1589041533.1589041533.1&_utmz=247958868.1589041533.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1589041533627&_u=SCCCCAIrB~&cid=812380423.1589041533&tid=UA-44592531-1&_gid=1550589213.1589041533&cd15=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&z=1250245755

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 04 Apr 2020 07:55:17 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 3054616
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
www.googleadservices.com/pagead/conversion/1015287688/ 2 KB
1 KB 83ms
83ms Script
text/javascript 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/1015287688/?random=1589041533669&cv=9&fst=1589041533669&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f2.1e100.net

Software

cafe /

Resource Hash

3d3d9ebefbff61729a8a1826f7bd368dd6bde9e5983243b2c39215b43ad1cc22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1184
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK sholic.js Show response
px.owneriq.net/stas/s/ 16 KB
5 KB 115ms
29ms Script
application/x-javascript 23.37.61.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://px.owneriq.net/stas/s/sholic.js
Requested by: Host: partner.shareaholic.com
URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&cl=en-US&id_sync=9a549e00-6e51-45d8-8039-3ed40c05936e&minify=1&pvs=1&site=f9f1a771608a24e84c49a8532e282dc1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.61.90 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-61-90.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: 2d444243c4617347df1c965e43c057c4b87c025e746c2af9a02d5663d3c3f1fe

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Mar 2017 01:23:14 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: application/x-javascript
Connection: keep-alive
Content-Length: 4924
Expires: Sun, 10 May 2020 15:23:45 GMT

GET
H/1.1 200
OK taglw.aspx Show response
ml314.com/ 11 KB
5 KB 253ms
63ms Script
application/javascript 52.215.103.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/taglw.aspx?94
Requested by: Host: partner.shareaholic.com
URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&cl=en-US&id_sync=9a549e00-6e51-45d8-8039-3ed40c05936e&minify=1&pvs=1&site=f9f1a771608a24e84c49a8532e282dc1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: dbc6f8482e109c50a08070e9c7abfa0812ad9ee2f25d2170dbaf9f6ae388d9d8

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Last-Modified: Sat, 09 May 2020 06:54:39 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=52145
Connection: keep-alive
Content-Length: 4999
Expires: Sun, 10 May 2020 06:54:39 GMT

GET
H/1.1 200
OK beacon.js Show response
sb.scorecardresearch.com/ 1 KB
1 KB 116ms
31ms Script
application/x-javascript 2.16.31.65
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: partner.shareaholic.com
URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&cl=en-US&id_sync=9a549e00-6e51-45d8-8039-3ed40c05936e&minify=1&pvs=1&site=f9f1a771608a24e84c49a8532e282dc1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.31.65 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-31-65.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: private, no-transform, max-age=86400
Connection: keep-alive
Content-Length: 884
Expires: Sun, 10 May 2020 16:25:33 GMT

GET
H2 200 afsh.js Show response
cdn.tynt.com/ 11 KB
4 KB 121ms
29ms Script
application/javascript 104.16.88.26
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tynt.com/afsh.js
Requested by: Host: partner.shareaholic.com
URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&cl=en-US&id_sync=9a549e00-6e51-45d8-8039-3ed40c05936e&minify=1&pvs=1&site=f9f1a771608a24e84c49a8532e282dc1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.16.88.26 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ebc62f39fe40ee7fb0209448ced8a3c50b7085ea624eb6c5ee474c8ac3564873

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 05 May 2020 20:49:35 GMT
server: cloudflare
age: 70494
etag: W/"5eb1d15f-2ad7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=259200
cf-ray: 590cc6f24a98cc46-ZRH
cf-request-id: 029bdaab6d0000cc4657b7c200000001
expires: Tue, 12 May 2020 16:25:33 GMT

GET
H2

200

tpid=9a549e00-6e51-45d8-8039-3ed40c05936e
sync.crwdcntrl.net/map/ct=y/c=9193/tp=SHLC/
Redirect Chain

https://sync.crwdcntrl.net/map/c=9193/tp=SHLC/tpid=9a549e00-6e51-45d8-8039-3ed40c05936e
https://sync.crwdcntrl.net/map/ct=y/c=9193/tp=SHLC/tpid=9a549e00-6e51-45d8-8039-3ed40c05936e

49 B
711 B

75ms
75ms

Image
image/gif

52.49.190.28
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/map/ct=y/c=9193/tp=SHLC/tpid=9a549e00-6e51-45d8-8039-3ed40c05936e
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.190.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-190-28.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
status: 200
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.5.41
content-type: image/gif
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
status: 302
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://sync.crwdcntrl.net/map/ct=y/c=9193/tp=SHLC/tpid=9a549e00-6e51-45d8-8039-3ed40c05936e
cache-control: no-cache
x-server: 10.45.20.98
content-length: 0
expires: 0

GET
H/1.1 200
OK bk-coretag.js Show response
tags.bkrtx.com/js/ 30 KB
11 KB 142ms
40ms Script
text/javascript 95.100.78.156
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.bkrtx.com/js/bk-coretag.js
Requested by: Host: partner.shareaholic.com
URL: https://partner.shareaholic.com/partners.js?location=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&cl=en-US&id_sync=9a549e00-6e51-45d8-8039-3ed40c05936e&minify=1&pvs=1&site=f9f1a771608a24e84c49a8532e282dc1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.78.156 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-78-156.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Last-Modified: Wed, 04 Mar 2020 16:24:16 GMT
Server: Apache
ETag: "31600f9-7850-5a009da075833"
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=604800
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10546
Expires: Sat, 16 May 2020 16:25:33 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&time=158...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8866%26url%3Dhttps%253A%252F%252Fblog.trendmicro.com%252Ftrendlabs-security-intel...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&time=158...

0
131 B

123ms
123ms

Image
application/javascript

2a05:f500:10:101::b93f:9105
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&time=1589041533707&liSync=true
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:34 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 0
x-li-uuid: ZC5eJ9toDRYgjoVEaisAAA==

Redirect headers

strict-transport-security: max-age=2592000
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: VB2II9toDRZgc3ST5yoAAA==
pragma: no-cache
x-li-pop: afd-prod-lva1
x-msedge-ref: Ref A: 2DF158DD5ABB48EA9414F6703717E4BE Ref B: FRAEDGE0721 Ref C: 2020-05-09T16:25:33Z
date: Sat, 09 May 2020 16:25:33 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&time=1589041533707&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransom...
5427711.fls.doubleclick.net/ Frame 4144
Redirect Chain

https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-rans...
https://5427711.fls.doubleclick.net/activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-sec...

0
0

49ms
48ms

Document
text/html

216.58.205.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5427711.fls.doubleclick.net/activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F;~oref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.205.230 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s24-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5427711.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F;~oref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: about:blank

Response headers

status: 200
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Sat, 09 May 2020 16:25:33 GMT
expires: Sat, 09 May 2020 16:25:33 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 403
x-xss-protection: 0
set-cookie: IDE=AHWqTUmRdNC-32o2BlYv2-XcWmF0VSBrUHKcpsXkFhoZ3DmQo9O2iEY9DG0npWRK; expires=Mon, 09-May-2022 16:25:33 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT; SameSite=none; Secure
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
date: Sat, 09 May 2020 16:25:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5427711.fls.doubleclick.net/activityi;dc_pre=CL_EpIGZp-kCFVOVdwodJqwNxg;src=5427711;type=remar0;cat=allsi0;ord=1;num=3562068032214;gtm=2wg4t0;auiddc=875692470.1589041534;u1=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F;~oref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 bat.js Show response
bat.bing.com/ 25 KB
8 KB 43ms
30ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
last-modified: Mon, 13 Apr 2020 22:01:50 GMT
x-msedge-ref: Ref A: BA438EB848724AC786634EECE3BC1BD5 Ref B: FRA31EDGE0206 Ref C: 2020-05-09T16:25:33Z
status: 200
etag: "0db222df11d61:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7610

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ 4 KB
2 KB 40ms
40ms Script
application/x-javascript 54.230.181.160
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TXGNM2&l=dataLayer
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.230.181.160 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-230-181-160.ham50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Fri, 08 May 2020 16:29:42 GMT
Content-Encoding: gzip
Last-Modified: Mon, 13 Jan 2020 19:16:48 GMT
Server: AmazonS3
Age: 86222
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 c46d7c5a8bf0a3035249184c40b6aea4.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: HAM50-C3
X-Amz-Cf-Id: jr3TSGVaudPOHsqgqy4728buaQI_9es53Df1ffiuj10_ow0jO0sjKA==

GET
H/1.1

200
OK

/
attr.ml-api.io/
Redirect Chain

https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.trendmicro.com%2526pId%253d%2524UID
https://attr.ml-api.io/?domain=www.trendmicro.com&pId=3196603570809964121

4 B
484 B

408ms
184ms

Image
image/jpeg

13.225.87.25
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://attr.ml-api.io/?domain=www.trendmicro.com&pId=3196603570809964121
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.225.87.25 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-87-25.fra2.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:34 GMT
Via: 1.1 882f747f39885162595630c95dd0012d.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA2-C2
x-amzn-RequestId: 91fb7f6c-e4f0-4080-95bf-4c8ef89e8dba
X-Cache: Miss from cloudfront
Content-Type: image/jpeg
X-Amzn-Trace-Id: Root=1-5eb6d97e-e7533d0d97bf83871b7d8473;Sampled=0
Connection: keep-alive
x-amz-apigw-id: MRbryHNFIAMFqpg=
Content-Length: 4
X-Amz-Cf-Id: VQ2UiwoaIDNZiXXpFDKYn1Ehxak_2qSZmapMT8j2oiQwc9QIjc8ZHw==

Redirect headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:36 GMT
X-Proxy-Origin: 185.236.201.148; 185.236.201.148; 537.bm-nginx-loadbalancer.mgmt.fra1; *.adnxs.com; 37.252.172.117:80
AN-X-Request-Uuid: 36539ace-2b33-425a-ad1d-1fec25a9c049
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://attr.ml-api.io/?domain=www.trendmicro.com&pId=3196603570809964121
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/929919117/ 2 KB
1 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:819::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/929919117/?random=1589041533788&cv=9&fst=1589041533788&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg4t0&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e16a5c68cb972b936f9cc2c20410137ca4e0159f3ec6736db5fa600c55ba6c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25="googleads.g.doubleclick.net:443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1085
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/158/ 11 KB
5 KB 39ms
39ms Script
application/x-javascript 88.221.60.75
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/158/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 88.221.60.75 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a88-221-60-75.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Last-Modified: Tue, 28 Jan 2020 03:01:21 GMT
Server: Apache
ETag: "67df7eb9e9e68638308f14367dddec10:1580180481"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4686
Expires: Mon, 17 Aug 2020 16:25:33 GMT

GET
H2

200

/
www.google.de/pagead/1p-conversion/1015287688/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1...
https://www.google.com/pagead/1p-conversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=120...
https://www.google.de/pagead/1p-conversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200...

42 B
110 B

19ms
18ms

Image
image/gif

2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=fdm2XtvYKr2H7_UPi62r4Ac&random=2519691355&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/1015287688/?random=1736631740&cv=9&fst=*&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&sendb=1&ig=1&frm=0&url=https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&gtd=&is_vtc=1&ocp_id=fdm2XtvYKr2H7_UPi62r4Ac&random=2519691355&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 0663674565 Show response
ixf2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/ 2 KB
2 KB 193ms
129ms XHR
application/json 35.244.153.179
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ixf2-api.bc0a.com/api/ixf/1.0.0/get_capsule/f00000000017219/0663674565?client=js_sdk&client_version=1.2.7&orig_url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&base_url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&user_agent=Mozilla%2F5.0%20(Macintosh%3B%20Intel%20Mac%20OS%20X%2010_14_5)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F74.0.3729.169%20Safari%2F537.36
Requested by: Host: cdn.bc0a.com
URL: https://cdn.bc0a.com/be_ixf_js_sdk.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.153.179 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 179.153.244.35.bc.googleusercontent.com
Software: Apache /
Resource Hash: 1ffdb80488ddd78fadd6c6902b6598826cfabc9396252537772e8ba9024be1f9

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:33 GMT
via: 1.1 google
last-modified: Fri, 31 May 2019 15:43:04 GMT
server: Apache
etag: "13e2503-74f-58a30dec3f200"
status: 200
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: clear
content-length: 1871

GET
H2 200 adsct
t.co/i/ 43 B
448 B 224ms
153ms Image
image/gif 104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Sat, 09 May 2020 16:25:33 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: c23ed9e752d92dac4b3ee30173782735
x-transaction: 000eea640052c3c5
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1

200
OK

noop
px.owneriq.net/ Frame 4BA2
Redirect Chain

https://px.owneriq.net/eps?pt=sholic&pid=1693&uid=Q6423279331174338935J&l=true
https://px.owneriq.net/noop?ct=text%2Fhtml

0
0

30ms
28ms

Document
text/html

23.37.61.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://px.owneriq.net/noop?ct=text%2Fhtml
Requested by: Host: px.owneriq.net
URL: https://px.owneriq.net/stas/s/sholic.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.61.90 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-61-90.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash

Request headers

Host: px.owneriq.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: about:blank

Response headers

Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 0
Content-Type: text/html
Date: Sat, 09 May 2020 16:25:33 GMT
Connection: keep-alive

Redirect headers

Server: AkamaiGHost
Content-Length: 0
Location: https://px.owneriq.net/noop?ct=text%2Fhtml
Date: Sat, 09 May 2020 16:25:33 GMT
Connection: keep-alive

GET
H/1.1

200
OK

noop Show response
px.owneriq.net/
Redirect Chain

https://px.owneriq.net/j/?pt=sholic&t=d%7C%22Software%22&s=inte
https://px.owneriq.net/noop?ct=application%2Fx-javascript

0
302 B

28ms
28ms

Script
application/x-javascript

23.37.61.90
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://px.owneriq.net/noop?ct=application%2Fx-javascript
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.61.90 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-61-90.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Server: Apache/2.2.15 (CentOS)
Connection: keep-alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By: PHP/5.3.3
Content-Length: 0
Content-Type: application/x-javascript

Redirect headers

Location: https://px.owneriq.net/noop?ct=application%2Fx-javascript
Date: Sat, 09 May 2020 16:25:33 GMT
Server: AkamaiGHost
Connection: keep-alive
Content-Length: 0

GET
H/1.1

204
No Content

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=7&c2=19376307&c3=1&ns__t=1589041533813&ns_c=UTF-8&cv=3.5&c8=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Inte...
https://sb.scorecardresearch.com/b2?c1=7&c2=19376307&c3=1&ns__t=1589041533813&ns_c=UTF-8&cv=3.5&c8=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Int...

0
248 B

32ms
32ms

Image
text/plain

2.16.31.65
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=7&c2=19376307&c3=1&ns__t=1589041533813&ns_c=UTF-8&cv=3.5&c8=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&c7=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&c9=
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.16.31.65 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-31-65.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:33 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://sb.scorecardresearch.com/b2?c1=7&c2=19376307&c3=1&ns__t=1589041533813&ns_c=UTF-8&cv=3.5&c8=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&c7=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&c9=
Pragma: no-cache
Date: Sat, 09 May 2020 16:25:33 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 p
ic.tynt.com/b/ 35 B
523 B 404ms
134ms Image
image/gif 67.202.110.34
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=sh!sh&lm=0&ts=1589041533821&dn=AFSH&iso=0&img=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ffiles%2F2019%2F04%2FRansomeware.jpg&t=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&cu=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.110.34 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-110.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:34 GMT
last-modified: Fri, 16 Apr 2010 15:38:20 GMT
server: nginx/1.16.1
etag: "4bc8846c-23"
p3p: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID", CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
status: 200
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
accept-ranges: bytes
content-type: image/gif
content-length: 35
expires: "Sat, 26 Jul 1997 05:00:00 GMT"

GET
H2 204 0
bat.bing.com/action/ 0
150 B 31ms
30ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=26044208&Ver=2&mid=f64303ea-cb9a-dd9e-6004-55ca7cd54d94&sid=18262556-350c-1439-576e-69c9f3659003&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&p=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&r=&lt=543&evt=pageLoad&msclkid=N&sv=1&rn=879811
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: BD0AAA9EBD9045B1BB20F6F3E7B0EDEC Ref B: FRA31EDGE0206 Ref C: 2020-05-09T16:25:33Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/929919117/ 42 B
122 B 19ms
18ms Image
image/gif 2a00:1450:4001:815::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/929919117/?random=1589041533788&cv=9&fst=1589040000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg4t0&sendb=1&frm=0&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&async=1&fmt=3&is_vtc=1&random=2170101097&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/929919117/ 42 B
110 B 19ms
19ms Image
image/gif 2a00:1450:4001:814::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/929919117/?random=1589041533788&cv=9&fst=1589040000000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg4t0&sendb=1&frm=0&url=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&tiba=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&async=1&fmt=3&is_vtc=1&random=2170101097&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:33 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK visitWebPage Show response
945-cxd-062.mktoresp.com/webevents/ 2 B
304 B 454ms
115ms XHR
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://945-cxd-062.mktoresp.com/webevents/visitWebPage?_mchNc=1589041533872&_mchCn=&_mchId=945-CXD-062&_mchTk=_mch-trendmicro.com-1589041533871-30311&_mchHo=blog.trendmicro.com&_mchPo=&_mchRu=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&_mchPc=https%3A&_mchVr=158&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/158/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: akka-http/10.1.11 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Sat, 09 May 2020 16:25:34 GMT
Content-Encoding: gzip
Server: akka-http/10.1.11
Transfer-Encoding: chunked
X-Request-Id: 8b110088-cbd8-499f-9f67-852ab4208b49
Content-Type: text/plain; charset=UTF-8

GET
H/1.1 200
OK 41110
stags.bluekai.com/site/ Frame 133E 0
0 334ms
272ms Document
text/html 92.123.150.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://stags.bluekai.com/site/41110?ret=html&phint=sh005%3D1111845&phint=sh001%3D24815323&phint=sh004%3D10813269&phint=sh004%3D10813248&phint=sh001%3D13594596&phint=sh005%3D10813254&phint=sh001%3D10930608&phint=sh004%3D10813255&phint=sh004%3D10813351&phint=sh005%3D10813275&phint=sh004%3D10813253&phint=sh001%3D24816761&phint=sh004%3D10813284&phint=sh005%3D1111754&phint=sh005%3D1111743&phint=sh005%3D1111755&phint=sh001%3D10930641&phint=sh001%3D12644461&phint=sh001%3D12644396&phint=sh004%3D8762415&phint=sh005%3D6573714&phint=__bk_t%3DTargeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&phint=__bk_k%3D&phint=__bk_l%3Dhttps%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&phint=__bk_v%3D3.1.4&limit=1&r=38385184
Requested by: Host: tags.bkrtx.com
URL: https://tags.bkrtx.com/js/bk-coretag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 92.123.150.214 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a92-123-150-214.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: stags.bluekai.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Response headers

Content-Type: text/html
Content-Length: 71
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
BK-Server: 48d8
Date: Sat, 09 May 2020 16:25:34 GMT
Connection: keep-alive
X-N: S

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 291 B
1 KB 69ms
69ms Script
application/javascript 52.215.103.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=51840&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&pv=1589041533931_3e2nowcdx&bl=en-us&cb=2612657&return=&ht=&d=&dc=&si=1589041533931_3e2nowcdx&cid=&s=1600x1200&rp=&nc=1
Requested by: Host: ml314.com
URL: https://ml314.com/taglw.aspx?94
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 92fa927d5010c63b3f8767d1b27c88a5132c83b69a1e440013fc4c437070f985

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:32 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 320
Expires: 0

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 438 B
1 KB 134ms
63ms Script
application/javascript 52.215.103.126
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=51840&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&pv=1589041533934_vbijmuotn&bl=en-us&cb=2674541&return=https%3A%2F%2Fpixel.shareaholic.com%2Frsync.gif%3Fp%3D24%26u%3D%5BPersonID%5D%26s%3D9a549e00-6e51-45d8-8039-3ed40c05936e&ht=&d=&dc=&si=1589041533931_3e2nowcdx&cid=&s=1600x1200&rp=&nc=1
Requested by: Host: ml314.com
URL: https://ml314.com/taglw.aspx?94
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 7b32d5ff6c9acf3b03ea404df37be8dae3553e14e0ae3978b2baab233cd3f458

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:33 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 385
Expires: 0

POST
H/1.1 200
OK ping Show response
api.viglink.com/api/ 233 B
919 B 311ms
126ms XHR
text/javascript 34.250.145.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/ping
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.145.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-145-255.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 59f2e276566832cebb8a97131035e2ad73cc8aeddac5a36d8ebe64e188e72b92

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:34 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.trendmicro.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 233
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2zxvxOehPhEW-EYcR1eInSKjqDnenYdIgCDwVtNTCVfI&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil

70 B
440 B

36ms
36ms

Image
image/gif

3.127.178.105
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.127.178.105 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-127-178-105.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:35 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:35 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil
Cache-Control: private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 168
Expires: 0,Sun, 10 May 2020 12:25:35 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929016537185%26eid=50220
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929016537185%26eid=50220&mm_bnc&mm_bct&UUID=41755eb6-d97e-4100-a428-b5015e708814
https://ml314.com/csync.ashx?fp=41755eb6-d97e-4100-a428-b5015e708814&person_id=3610154929016537185&eid=50220

43 B
312 B

64ms
63ms

Image
image/gif

52.215.103.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=41755eb6-d97e-4100-a428-b5015e708814&person_id=3610154929016537185&eid=50220
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Sun, 10 May 2020 12:25:34 GMT

Redirect headers

Date: Sat, 09 May 2020 16:25:34 GMT
Server: MT3 2284 a4a3c58 master cdg-pixel-x5
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://ml314.com/csync.ashx?fp=41755eb6-d97e-4100-a428-b5015e708814&person_id=3610154929016537185&eid=50220
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Sat, 09 May 2020 16:25:33 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929291788292%26eid=50220
https://pixel.mathtag.com/sync/img?redir=https://ml314.com/csync.ashx%3Ffp=[MM_UUID]%26person_id=3610154929291788292%26eid=50220&mm_bnc&mm_bct&UUID=6d535eb6-d97e-4900-8664-19b8e89a6d88
https://ml314.com/csync.ashx?fp=6d535eb6-d97e-4900-8664-19b8e89a6d88&person_id=3610154929291788292&eid=50220

43 B
312 B

51ms
51ms

Image
image/gif

52.215.103.126
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=6d535eb6-d97e-4900-8664-19b8e89a6d88&person_id=3610154929291788292&eid=50220
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.215.103.126 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-103-126.eu-west-1.compute.amazonaws.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:33 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Sun, 10 May 2020 12:25:34 GMT

Redirect headers

Date: Sat, 09 May 2020 16:25:34 GMT
Server: MT3 2394 c40d15a master cdg-pixel-x10
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: https://ml314.com/csync.ashx?fp=6d535eb6-d97e-4900-8664-19b8e89a6d88&person_id=3610154929291788292&eid=50220
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 0
Expires: Sat, 09 May 2020 16:25:33 GMT

GET
H2 200 rsync.gif
pixel.shareaholic.com/ 43 B
249 B 389ms
126ms Image
image/gif 52.0.243.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.shareaholic.com/rsync.gif?p=24&u=3610154929291788292&s=9a549e00-6e51-45d8-8039-3ed40c05936e
Requested by: Host: blog.trendmicro.com
URL: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.0.243.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-0-243-110.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:34 GMT
p3p: CP='OTI DSP COR DEVo ADMa OUR CONo IND COM INT ONL PUR STA OTC'
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
258 B 407ms
135ms Script
application/javascript 208.100.17.188
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?id=sh!sh&dn=AFSH&cc=1&r=
Requested by: Host: cdn.tynt.com
URL: https://cdn.tynt.com/afsh.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 208.100.17.188 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip188.208-100-17.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sat, 09 May 2020 16:25:33 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-type: application/javascript
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length: 4
expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK domains Show response
api.viglink.com/api/ 96 B
547 B 69ms
69ms XHR
text/javascript 34.250.145.255
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.viglink.com/api/domains
Requested by: Host: cdn.viglink.com
URL: https://cdn.viglink.com/api/vglnk.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.250.145.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-250-145-255.eu-west-1.compute.amazonaws.com
Software: Apache-Coyote/1.1 /
Resource Hash: 6a5728dd64a6b77b7f2b1365d8b0d14636fa4e2bc29a7a9ca59bf7418212cb5c

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Sat, 09 May 2020 16:25:33 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://blog.trendmicro.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 96
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
652 B 218ms
151ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nuwoi&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 09 May 2020 16:25:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 115
pragma: no-cache
last-modified: Sat, 09 May 2020 16:25:35 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 20709fda681c028d35ddfe5cf5668b1a
x-transaction: 00b3582e00eb4d48
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T8DW3SL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 30 Apr 2020 21:54:13 GMT
server: Golfe2
age: 5356
date: Sat, 09 May 2020 14:56:19 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18433
expires: Sat, 09 May 2020 16:56:19 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
104 B 16ms
16ms Image
image/gif 2a00:1450:4001:81b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j82&a=2007336349&t=event&ni=1&_s=1&dl=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&ul=en-us&de=UTF-8&dt=Targeted%20Ransomware%20Attack%20Hits%20Taiwanese%20Organizations%20-%20TrendLabs%20Security%20Intelligence%20Blog&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Tracking&ea=%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&el=10%25%20Scroll&ev=0&_u=aCjCCEIrB~&jid=598415054&gjid=1876454917&cid=812380423.1589041533&tid=UA-137644-6&_gid=1088560024.1589041535&_r=1&gtm=2wg4t0T8DW3SL&z=25325011

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 09 May 2020 16:25:35 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
status: 200
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK stat.gif
referrer.disqus.com/juggler/ 43 B
295 B 207ms
150ms Image
image/gif 151.101.12.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/stat.gif?event=cmp.present

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 09 May 2020 16:25:36 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

GET
H2 200 up
insight.adsrvr.org/track/ Frame 0B6B 0
0 55ms
54ms Document
text/html 52.17.96.142
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=g2lzvow&ref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&upid=803df29&upv=1.1.0&pto=1
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.17.96.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-96-142.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

:method: GET
:authority: insight.adsrvr.org
:scheme: https
:path: /track/up?adv=g2lzvow&ref=https%3A%2F%2Fblog.trendmicro.com%2Ftrendlabs-security-intelligence%2Ftargeted-ransomware-attack-hits-taiwanese-organizations%2F&upid=803df29&upv=1.1.0&pto=1
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://blog.trendmicro.com/trendlabs-security-intelligence/targeted-ransomware-attack-hits-taiwanese-organizations/

Response headers

status: 200
date: Sat, 09 May 2020 16:25:36 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Verdicts & Comments Add Verdict or Comment

234 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 23) Message: JQMIGRATE: Migrate is installed with logging active, version 1.4.1
console-api	warning	URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 45) Message: JQMIGRATE: jQuery.browser is deprecated
console-api	log	URL: https://blog.trendmicro.com/trendlabs-security-intelligence/wp-includes/js/jquery/jquery-migrate.js?ver=1.4.1(Line 47) Message: console.trace

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5427711.fls.doubleclick.net
945-cxd-062.mktoresp.com
analytics.shareaholic.com
analytics.twitter.com
api.viglink.com
attr.ml-api.io
bat.bing.com
blog.trendmicro.com
c.disquscdn.com
cdn.bc0a.com
cdn.shareaholic.net
cdn.tynt.com
cdn.viglink.com
de.tynt.com
dev.visualwebsiteoptimizer.com
disqus.com
documents.trendmicro.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
graph.facebook.com
ic.tynt.com
insight.adsrvr.org
ixf2-api.bc0a.com
js.adsrvr.org
m9m6e2w5.stackpathcdn.com
ml314.com
munchkin.marketo.net
partner.shareaholic.com
pixel.mathtag.com
pixel.shareaholic.com
ps.eyeota.net
px.ads.linkedin.com
px.owneriq.net
referrer.disqus.com
resources.trendmicro.com
s.ml-attr.com
s.ytimg.com
sb.scorecardresearch.com
secure.adnxs.com
sjs.bizographics.com
ssl.google-analytics.com
stags.bluekai.com
static.ads-twitter.com
sync.crwdcntrl.net
t.co
tags.bkrtx.com
tags.tiqcdn.com
trendlabs.disqus.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.shareaholic.net
www.trendmicro.com
www.youtube.com
104.16.88.26
104.17.72.206
104.244.42.5
104.244.42.67
107.20.140.231
13.225.87.25
150.70.178.131
151.101.0.134
151.101.112.157
151.101.12.134
151.139.128.11
152.199.23.241
172.217.16.130
192.28.144.124
2.16.31.65
2.18.233.201
208.100.17.188
216.58.205.230
23.37.49.171
23.37.61.90
2606:4700::6810:a20d
2606:4700::6812:a813
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:801::200a
2a00:1450:4001:808::200e
2a00:1450:4001:809::2008
2a00:1450:4001:814::2003
2a00:1450:4001:815::2004
2a00:1450:4001:819::2002
2a00:1450:4001:81b::200e
2a00:1450:4001:81f::2003
2a00:1450:4001:820::2008
2a02:26f0:10c:399::3adf
2a03:2880:f01c:800e:face:b00c:0:2
2a05:f500:10:101::b93f:9105
3.127.178.105
3.93.188.41
34.250.145.255
34.96.102.137
35.201.125.192
35.244.153.179
37.252.173.38
52.0.243.110
52.17.96.142
52.215.103.126
52.49.190.28
54.230.181.160
54.87.159.104
67.202.110.34
68.67.153.60
88.221.60.75
92.123.150.214
95.100.78.156
005929580da46135c58cae0cbfcccd17e510aac10a27a3e674fb85ae4bee95c0
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
0615974c40d602afdbf9759533e352bc17b0458c85aad6694b1a1ad20659625b
079e218ad07f42523479d475b4973a6e386ba95209ee964c04c1a6eb6186bda3
0819ab8b8211e99514e2b34bab24ae6d718e9f3d9ff3f7eae19380d293c77cc6
08f91baa9280e9a089f3e8b1dae667c4d69cc8268c59105e324847402332e4fd
09f9269176e86a07cd9f52f45c0d75cdf6b02180c71bcb1bb2c01ee33a0c3bd7
0c6ef976b32b0f9158ce1211ed5d75bc3197e5a1802a70749e186fba11b78498
1210b2986220f5f6e6f416d87911e6655eed292f81a8219d8506f57c5d4353a3
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
17dbeff08f1c2770ec37f9edf909627395215a93ac4d8c0307eaac9a4cab49b8
18a5b957a8ccd83f466eb7dde5fc616bb00c0be8b660f4c729c3dd41e1e8249a
191e2a2deb0b16b4e6c833685b15ab930c8eaeec228391f6b26bc1fcda208c7b
196b0d1013a5fb1985890e13453ab76df8bdcee3d57893e84afa3f3e58eacf52
1b6a8ba260c8eb344ad40fadccadc8dd6752ed67318153676309febd6d83eb34
1bc4f47bd64d3c1a5f131b2241ac870c4a497a59237b3187d35eeff93ccba167
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
1fa0c6a60241076bfa896030442753f3880bf99ba73ddb6eb24dccad0bfc075c
1fc0d38b9284ff9a74513fcf231ea74b94e51decbaf109c8b5d2a01a5c33492a
1ffdb80488ddd78fadd6c6902b6598826cfabc9396252537772e8ba9024be1f9
20f2b7c4f6f460542ac14424e621a9aa42dbdd98447feb325b3e81e322598860
21e444926ee2b1297a9888fe081f196a640763626243aa07b80ff171049e7a8c
226659214f0a18a63243a665570ef5377dd0a4929b6198a62092ec92bededcb4
238b3b15fd1f306b170ab1b3af0c3e051f68642d487454544505d9c49d3f93bf
2d444243c4617347df1c965e43c057c4b87c025e746c2af9a02d5663d3c3f1fe
2dbc71f58138e245bfcdb54fec77467a32b9c3e8b4d9e7442aa122d984f94f29
2f1fd973e6c48489ae07c467e3278635b856c698d1f502e06af3ab555937deac
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
2f91858733fcccdcb9035e7c59c0762aa90388632e6e399cb65dda0b36572e55
304219d446a942af8ca4d11d14c002f44791e3834c95a8ff34bc79d4c4f7cba2
31895b039ea1a0252fda10656dbcef19e8647014d00e77f08e32a9db2abbe832
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
3c61dd7ca00d1d302de06b14332f1d1917a9c9658526aa94d895cd6a42c04e88
3d3d9ebefbff61729a8a1826f7bd368dd6bde9e5983243b2c39215b43ad1cc22
3ea0cc3de98565f804dc441a45d45c615a475740a03da4d2574121fe65f10706
4152a10de72f619cee83de413bb5c854f201a9fa30efe421655bf2d3a57426c2
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
49476f91ae0265b8a2db95ab66cf22d5abd7be374f7ec574443867ccab5ff638
53b91412b12f7724d162cd9d66b44ace39259b2bcb7500504c203df6e284e5fc
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
568a502aa767d3c49d8d68d6a7f5a88e2ed15bff9a64be1161d7b5fa3a698c2a
58405d4812cd660eddcf5e03bf9da20f5d0f5d3f8c3c4c2923d1e505c734a4e6
59f2e276566832cebb8a97131035e2ad73cc8aeddac5a36d8ebe64e188e72b92
5e16a5c68cb972b936f9cc2c20410137ca4e0159f3ec6736db5fa600c55ba6c6
5e62e5f7ea3ee74d6430ce302b0c61d95e93d43a80a449447c64ba791065202c
5eff54495ee918c52be1b5464755add10db4af7435ec5c5569b111a0e3fb430c
5f967fd41346c0fc1b9b44fa69c52bf1e754420c59c8017cefb0a14a764cafa4
5f9eba6b4a09e7bbdfb3e9f52cc59625bb0a26854804928ffdf03c5ac2ad7d1b
62d9012a3badacfbf2c47ba8f9e83f5d33b66d05e7b25b54dd60dc07f01a58fb
63af28c56dece5b853cf75697cc86d05eb8a75dae73a65624518806abe57180b
66561088efad00a5b856bbf459e42544bb596936943fbe3b0f8d7b6718608046
66cb96dce6495c4baf56c147060b654ab7ebb93c8428fb78be777805325890dd
670d2452df4e20e6a2371d8a48fbe1bde1e4664081f1f20b478095d0b14d8685
6a5728dd64a6b77b7f2b1365d8b0d14636fa4e2bc29a7a9ca59bf7418212cb5c
6ca28839ba7e005b11dcf8d6de4c24f13f2cc988393ed7a570c41ee88ab092fc
6d8dbab1ec193ec8700dab228e8efb9803ae9eb3625c92e1e1b93ebf7c92f275
746908a1b935d3ca0005ab17e8504e642f42cf3ce177dac795d898f5637dc0cb
7a3c6d22de397f163b11ae6e13db851b720abb639b0d158e1308a7ef02dfb97d
7b32d5ff6c9acf3b03ea404df37be8dae3553e14e0ae3978b2baab233cd3f458
7b8cd61f9d36175fe1b2fc50dfd1585716b9e55a87a82e8ec3c5d9739d6fb939
7d902673f947b5f070302fb19d049ed9d81694895de23552603e2da56782466b
7f5d20386c62bc7957520cfe679927bf480d6ca275e7d1b05f08994bca59b6ac
7fe4a76248b2a7e420fd86bf2a4f6cf14fb8aaaa73ba28cecbf97dd456445d84
82342a88cd29d949e73b523b1e910dfec0b345ca0828a1ef4c150249cd08e01c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83b6156cc083bff93b2794110a10cfa159379accb8bec32fa49ce3daa55b5cfb
84f7bdd9d518f244e12254d2dab2827a56fa1c0be95dd685178105518fdd94d2
86321c43556c304568daf15b1660cc91f90db686ee291c5f5da81522cd809ff1
86eeb624613debbef686caa048690a01896776553a1b0401131285903a20f0c5
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8b67ffa5bcc69b72e1fd971de44ff6e71b379f039adc48eec47bb678bb619d15
90b34033918608d698be777640ea1c2a7e33e64229e10ae75cde40b8f4ac1ded
90fadc153cb3202eb4e63fa7f561f19d28ba6b66e1a91a57813c66c3032d54d9
92fa927d5010c63b3f8767d1b27c88a5132c83b69a1e440013fc4c437070f985
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
934e86411602136888ebbc38aeffa74670103f3a5415b1e8a0bf7b8d1ef6d7b4
9609588bc37c441a77b4a59833d9356028c573f4b26615a64f5143e4a197939b
96543b22a94e2ad5bcc8f7c80665280ec6dfcddef0d839bb69d73674468b4459
9ae96ab0304e11b2087289d9597b04653737286c456f2d69a2f408e350df575f
9de915b8773f1be6b99448d8fbdb7c359f10b5a06f544181597b8523eca6278b
9ea952c31d6d8c4c58481c338636f2424ee8ba8dfb6289645c0f1a3b2673698e
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1e2acedcc157bed6106061b1177d4de9102e7cb711fd74df49be5df56caecd2
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a5334747b268c8aa6cef2be9cd8ceb3f62636bf509b32124e9ef7b5539e34b0e
a9667d16d28f3a6a1b777fbdc7775a0ea43cfd5da93cfac4c948a240a398656f
aa05b14bf4b4344109b83cb7e5d26a20591c298ded57d8168911f820bd2ec8fc
ab78cb9ee20c50ccc237b0d1878a4fdbedb1981a2bbdac4ed071cdd40ea7f83c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b064443aa42bbd5016b9e0bf1ee513bf5b6325235e51c935a0babed0e9a0e661
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b47398de689f61b7290fe5b3364dadcd661167edfac2ff8ab2e87af1fa86fb97
b4c068f566d4557dac74a849284e07c1da7fb80e8a23812f99016eb1aee15186
bb15e076783b6ba0f44ce382e8a5a06775cb11f2f3f84f5067f3567188016c61
be23dbb4ef534fb2fbdf640c70e9ebce16ddd32eff4235784b99bbed85696cf6
beb4690cf911f555766083248e81809736077be198a40edad9868c9e4469ca65
bf724439f2f8fd287feb12f58c2e382886601ae7ace43215778dfd3d75435210
c005667a560305e72f76e6464a0cd95c7dbe9a35da6cffebe3617fbd1496faf7
c24a3b2d36ec09e0740b0fa92babcf900e375955823be3b08859ed2e9d116776
c24b44e8c7234bd170abd96909ce1668bb22d31635b8c99aeedaacf958969c76
c7d7214a0b940c1ffcbd64689a576c5847b42e886da3ad9ea45bc4cda214bac8
c92b6b5b0a0b5d8d904e4df3ea0d1e998641db9cdcfcd27e09d268339654e73c
cb7b1d2879140cf195c9413693e8b5deb87e3e350c9ab8b33989172a3de77d2b
cea0a05c5af6e21a409875328ed2e3dba79131b7c41f8ea07d0e0e02c7b7b59e
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d1695d8985b2411104b59085fcf35de39255e29ea68064e26bd3fb67116bbe42
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
d2bc9c513d50deb617981195a91d357c004688ae7a90962da29814385e168dea
d2e8734e842f89489fa5bece0e3f613ba1c16ba2f12607a3cc0c38ff43413639
d548a9f91441aadb04287c2fca64b6da0a385c05c6e822978a6e2a79660cb1c5
d8366292b6413e815888abbc34c7800df0b1d8101bff22e1f3ca1f34170a73b3
d931ba2089021a1357761939c18bcc09aa856d39be2a707ea450333f5b3443c4
db3e8095381fb06bb6455b36c78beb4c8f1f6e3c2ef1483f97a8ec151704e6c6
dbc6f8482e109c50a08070e9c7abfa0812ad9ee2f25d2170dbaf9f6ae388d9d8
dce50148adaff4dccd1d95c9b25563011436e398272d530e974193b8685340a2
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3ac5c56d0c3a6005ee7a9226a3470acd9acbfa64244cddabb899140c8a8f5d4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e503c59c36fc19803b2e9572b10e7c06236bda692aebd97f29e2a5a96f9aa5b6
e6d8caf1a68e05d2debe0450cbd444dff6c02692dc6f83659767413b43e94f6d
e916478d94814b1a0c2680424c323db0514f4a022d16835cd7bcc754722308f4
ebc62f39fe40ee7fb0209448ced8a3c50b7085ea624eb6c5ee474c8ac3564873
ec8ada9c249466cc83ead6cfea75ba0851281bb5a850b2009034d993e6449715
ed6a7c7c15db91f2b6ffbaec4ccb7be48bd7853833e3e3e642ccf701fa90f3de
ed8103aa39e3d6156b0fca9caf6fc88473686048f495b08df443a5995e4c33fb
ee290666f02ac90c3e4bb57b767b7a32149599fa59ad1b8120208b74e79237ac
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f055e217bde76d711bd8b42af773f9f99b8a29d81ad9ed10b6379cc7e6c60452
f26d98c3973c7df12d78bbb4164589b59dc42d4797b58471b358364c1005b2d3
f368605bd5e23568ed3e0568d70b9b1d039b82059e5e199335d059c4e400bee4
f524ff58c404da0a3d4ed8367b452f604d53be5304649d6d3b018ea40dbf767b
f5acda93c7254b1e7aadc1ab2bdff1722803e55107334351118c4d64e51046f9
f62db0431252a733c9bdb2e3440e32d30912b486d2f6e5c7449a4a086d67f370
f8f9c7b2b42fddbc8006fce7d7a441502b29063c9e5f735cf13b3d4f5f5198ee
f98dcf431f3332864b56d2a3fd52ae0ca260a4638a7a199158279f146eed3f82
facbc08fab61c01d69c3137a7036b4c27cd04f188cf5104a71766d694b6e281a
fb0818cf8e7a75db034fca2117517ea5c98ac7a8236e9971603c3e135cf8bc22
fd503ca2cb350bd8ecec266730289fd8a519faffe250b976f7963dc10bfd829c

blog.trendmicro.com Open in urlscan Pro 23.37.49.171 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

165 Requests

100 %HTTPS

30 %IPv6

42 Domains

58 Subdomains

50 IPs

6 Countries

1862 kBTransfer

3448 kBSize

0 Cookies

42 Outgoing links

Redirected requests

165 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

blog.trendmicro.com Open in urlscan Pro
23.37.49.171 Public Scan

Screenshot
Live screenshot

Full Image

165
Requests

100 %
HTTPS

30 %
IPv6

42
Domains

58
Subdomains

50
IPs

6
Countries

1862 kB
Transfer

3448 kB
Size

0
Cookies

165 HTTP transactions
0 data transactions